From 6921d9d97ef7b02510c5a687298b16cc8a034ecd Mon Sep 17 00:00:00 2001
From: Patrick Linnane <patrick@linnane.io>
Date: Sat, 23 Nov 2024 11:05:17 -0800
Subject: [PATCH 1/2] workflows/build: fix zizmor findings

Signed-off-by: Patrick Linnane <patrick@linnane.io>
---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 63c3f12..4cd27e3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,6 +26,8 @@ jobs:
           - container: debian7
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Build Docker image
         run: docker build --tag ${{matrix.container}} .

From 1d837a765de2df41af7f95b06f707ee4b91b84b7 Mon Sep 17 00:00:00 2001
From: Patrick Linnane <patrick@linnane.io>
Date: Sat, 23 Nov 2024 11:05:32 -0800
Subject: [PATCH 2/2] workflows/release: fix zizmor findings

Signed-off-by: Patrick Linnane <patrick@linnane.io>
---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4b25cc3..b21aa69 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,6 +21,8 @@ jobs:
       TAG: ${{github.event.inputs.tag}}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Download binaries from GitHub Actions
         uses: actions/download-artifact@v4