Commit 4919ec5
authored
fix: persist credentials for git push in update-major-minor-tags workflow (#312)
## Problem
After upgrading to `actions/checkout@v6`, the `update-major-minor-tags`
workflow fails with:
```
fatal: could not read Username for 'https://github.com': No such device or address
```
Example:
https://github.com/astral-sh/ruff-action/actions/runs/21509988231/job/61974754475
## Root Cause
`actions/checkout@v6` changed the behavior of `persist-credentials:
false`. In v6, credentials are immediately cleaned up after checkout,
whereas in v5 they remained available during the job.
The workflow sets `persist-credentials: false` and then tries to `git
push` — but the auth credentials are already gone.
## Fix
Explicitly set `persist-credentials: true` (removing the `false` value).
The workflow already has minimal permissions (`contents: write`) scoped
only to this job, so this is safe.
Added a `zizmor: ignore[artipacked]` comment in case the security linter
flags this pattern.1 parent 1977806 commit 4919ec5
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | | - | |
| 21 | + | |
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| |||
0 commit comments