Make WordPress Core


Timestamp:
04/21/2026 04:56:34 PM (6 weeks ago)
Author:
johnbillion
Message:

Build/Test Tools: Address some issues in GitHub Actions workflow files as reported by Zizmor.

This removes unnecessarily broad inheritance of secrets, replaces some GitHub Actions expressions with environment variables, removes git credential persistence, and adds documentation to the readme.

See #64227

File:
1 edited

  • trunk/.github/workflows/phpunit-tests.yml

    r61875 r62251  
    6767    permissions:
    6868      contents: read
    69     secrets: inherit
     69    secrets:
     70      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     71      WPT_REPORT_API_KEY: ${{ secrets.WPT_REPORT_API_KEY }}
    7072    if: ${{ startsWith( github.repository, 'WordPress/' ) && ( github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' ) }}
    7173    strategy:
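Review bot: The explicit `secrets:` map at new lines 69-71 only works if the called reusable workflow declares `CODECOV_TOKEN` and `WPT_REPORT_API_KEY` under `on.workflow_call.secrets`, and this changeset edits only the caller file. Please confirm the callee declares both, with `required: false` if any caller can run without them, because passing a secret by name that the callee does not declare makes the workflow invalid, which `secrets: inherit` never did.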
     
    144146    permissions:
    145147      contents: read
    146     secrets: inherit
     148    secrets:
     149      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     150      WPT_REPORT_API_KEY: ${{ secrets.WPT_REPORT_API_KEY }}
    147151    if: ${{ startsWith( github.repository, 'WordPress/' ) && ( github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' ) }}
    148152    strategy:
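Review bot: Both secrets are passed at new lines 148-150 in the same form as in the other four hunks, so the change narrows `inherit` to two names but does not distinguish which job needs which. If this job never uploads coverage or never submits results to the reporting API, drop the unused entry here so the token is not handed to a run that has no use for it.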
     
    196200    permissions:
    197201      contents: read
    198     secrets: inherit
     202    secrets:
     203      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     204      WPT_REPORT_API_KEY: ${{ secrets.WPT_REPORT_API_KEY }}
    199205    if: ${{ startsWith( github.repository, 'WordPress/' ) && ( github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' ) }}
    200206    strategy:
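Review bot: The `if` at new line 205 still admits `pull_request` runs, and for pull requests opened from forks GitHub supplies no repository secrets, so `CODECOV_TOKEN` and `WPT_REPORT_API_KEY` at lines 203-204 arrive empty in that case. It is worth checking that the steps in the called workflow which use them are skipped or tolerate an empty value, since these two names are now the only secrets the callee can see.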
     
    239245    permissions:
    240246      contents: read
    241     secrets: inherit
     247    secrets:
     248      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     249      WPT_REPORT_API_KEY: ${{ secrets.WPT_REPORT_API_KEY }}
    242250    if: ${{ startsWith( github.repository, 'WordPress/' ) && ( github.repository == 'WordPress/wordpress-develop' || github.event_name == 'pull_request' ) }}
    243251    strategy:
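Review bot: Nothing at new lines 247-249 records why the list is explicit, so a later edit could restore `secrets: inherit` without the regression being obvious in review. A one-line YAML comment above `secrets:` stating that only the secrets the called workflow needs are passed would help, and the same applies to the other four jobs.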
     
    268276    permissions:
    269277      contents: read
    270     secrets: inherit
     278    secrets:
     279      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     280      WPT_REPORT_API_KEY: ${{ secrets.WPT_REPORT_API_KEY }}
    271281    if: ${{ ! startsWith( github.repository, 'WordPress/' ) && github.event_name == 'pull_request' }}
    272282    strategy:
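Review bot: This job's `if` at new line 281 restricts it to repositories outside the `WordPress/` namespace, so the `CODECOV_TOKEN` and `WPT_REPORT_API_KEY` passed at lines 279-280 can only ever be a fork's own secrets. If coverage upload and result reporting are meant for the upstream repository only, the `secrets:` block could be omitted from this job altogether rather than carried over from the other four.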