diff options
| author | Leonidas <[email protected]> | 2026-01-13 16:53:30 +0100 |
|---|---|---|
| committer | Frank <[email protected]> | 2026-01-13 19:50:49 -0500 |
| commit | 5b699a0d9b2aa11dc598b4d341123c3c4cafe15b (patch) | |
| tree | d8d9149d5f72fb39fef201d5ffea89e193d95329 | |
| parent | bc557e828d150b02e54776e47f36d2b684da2f9f (diff) | |
| download | opencode-5b699a0d9b2aa11dc598b4d341123c3c4cafe15b.tar.gz opencode-5b699a0d9b2aa11dc598b4d341123c3c4cafe15b.zip | |
fix(github): add persist-credentials: false to workflow templates (#8202)
| -rw-r--r-- | github/README.md | 11 | ||||
| -rw-r--r-- | packages/opencode/src/cli/cmd/github.ts | 2 | ||||
| -rw-r--r-- | packages/web/src/content/docs/github.mdx | 17 |
3 files changed, 20 insertions, 10 deletions
diff --git a/github/README.md b/github/README.md index 954710f23..8238bdc42 100644 --- a/github/README.md +++ b/github/README.md @@ -81,12 +81,13 @@ This will walk you through installing the GitHub app, creating the workflow, and permissions: id-token: write steps: - - name: Checkout repository - uses: actions/checkout@v6 - with: - fetch-depth: 1 + - name: Checkout repository + uses: actions/checkout@v6 + with: + fetch-depth: 1 + persist-credentials: false - - name: Run opencode + - name: Run opencode uses: anomalyco/opencode/github@latest env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/packages/opencode/src/cli/cmd/github.ts b/packages/opencode/src/cli/cmd/github.ts index d8b1bea30..927c964c9 100644 --- a/packages/opencode/src/cli/cmd/github.ts +++ b/packages/opencode/src/cli/cmd/github.ts @@ -394,6 +394,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Run opencode uses: anomalyco/opencode/github@latest${envStr} diff --git a/packages/web/src/content/docs/github.mdx b/packages/web/src/content/docs/github.mdx index 879914c74..6e8b9de4d 100644 --- a/packages/web/src/content/docs/github.mdx +++ b/packages/web/src/content/docs/github.mdx @@ -57,12 +57,13 @@ Or you can set it up manually. permissions: id-token: write steps: - - name: Checkout repository - uses: actions/checkout@v6 - with: - fetch-depth: 1 + - name: Checkout repository + uses: actions/checkout@v6 + with: + fetch-depth: 1 + persist-credentials: false - - name: Run OpenCode + - name: Run OpenCode uses: anomalyco/opencode/github@latest env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -135,6 +136,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Run OpenCode uses: anomalyco/opencode/github@latest @@ -172,6 +175,8 @@ jobs: issues: read steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: anomalyco/opencode/github@latest env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} @@ -223,6 +228,8 @@ jobs: - uses: actions/checkout@v6 if: steps.check.outputs.result == 'true' + with: + persist-credentials: false - uses: anomalyco/opencode/github@latest if: steps.check.outputs.result == 'true' |
