From 1daad7d70868b50ef55e7f7d33e2e9501e600b71 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Leconte <ins0mniaque@gmail.com>
Date: Thu, 12 Dec 2024 14:11:52 -0500
Subject: [PATCH] Fix workflows zizmor warnings

---
 .github/workflows/ci.yml      | 6 ++++++
 .github/workflows/release.yml | 8 +++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 34d0616..15894e1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,6 +14,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Install ShellCheck
         run: |
@@ -44,6 +46,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Install ShellCheck
         run: |
@@ -69,6 +73,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Install ShellCheck
         shell: bash
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fc24f99..16f1a17 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,16 +5,17 @@ on:
     tags:
       - "v*"
 
-permissions:
-  contents: write
-
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Create Release Directory
         run: mkdir -p release
@@ -119,6 +120,7 @@ jobs:
           repository: ins0mniaque/homebrew-srcenv
           token: ${{ secrets.HOMEBREW_TOKEN }}
           path: homebrew-srcenv
+          persist-credentials: false
 
       - name: Update Homebrew Formula
         run: |