From c3a9b181547c0d37aa7427a3e727b1df5d0033f5 Mon Sep 17 00:00:00 2001
From: Kichura <68134602+Kichura@users.noreply.github.com>
Date: Sun, 15 Dec 2024 15:05:43 +0100
Subject: [PATCH] Do not persist credentials.

Prevents workflow from getting exposed to greater risks than imagined, This was caught by the "zizmor" rust library.
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9d38156..d4a6f6d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -50,6 +50,7 @@ jobs:
 if: github.event.inputs.ref == ''
 with:
 submodules: recursive
+ persist-credentials: false

 - name: Checkout specific build and submodules
 uses: actions/checkout@v4
@@ -57,6 +58,7 @@ jobs:
 with:
 ref: ${{ github.event.inputs.ref }}
 submodules: recursive
+ persist-credentials: false

 - name: Add MSBuild to PATH
 uses: microsoft/setup-msbuild@v2
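Review bot: `persist-credentials: false` is added without a comment in both checkout steps (the hunk at -50,6 and the one at -57,6), so a later edit that wants to push or fetch from a build step may simply delete it. I would add above each occurrence `# Do not leave the job token in .git/config; later steps and uploaded artifacts must not be able to read it`. As far as I know actions/checkout fetches submodules inside the checkout step and removes the token afterwards, so `submodules: recursive` should keep working; only later git operations that need authentication would be affected, and none are visible in these hunks. The two steps appear to differ only in `ref`, and actions/checkout falls back to the triggering ref when `ref` is empty, so a single step would keep this setting in one place; the second step's `if:` lies outside the hunk, so confirm that before merging them.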