From a1470cfb69cc3a66489dc554e616f8cb0d1290bf Mon Sep 17 00:00:00 2001
From: Alex Tomkins <tomkins@darkzone.net>
Date: Sat, 14 Dec 2024 16:17:13 +0000
Subject: [PATCH] Don't persist git credentials after checkout

---
 .github/workflows/ci.yml                                         | 1 +
 {{cookiecutter.project_slug}}/.github/workflows/ci_geodjango.yml | 1 +
 {{cookiecutter.project_slug}}/.github/workflows/ci_standard.yml  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1fde260..c2a800d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,6 +19,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Install Ubuntu packages
         run: |
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/ci_geodjango.yml b/{{cookiecutter.project_slug}}/.github/workflows/ci_geodjango.yml
index e8a3b5c..2b8ae4c 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/ci_geodjango.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/ci_geodjango.yml
@@ -12,6 +12,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Install Ubuntu packages
         run: |
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/ci_standard.yml b/{{cookiecutter.project_slug}}/.github/workflows/ci_standard.yml
index 43ce08c..d48a599 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/ci_standard.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/ci_standard.yml
@@ -12,6 +12,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Setup Python
         uses: actions/setup-python@v5