Removes Git credentials/SSH keys after checkout as a security precaution by setting persist-credentials to false, they are not used after the initial checkout
Declares the minimum permissions for CI workflows to run at either the workflow or job level, following principle of least privilege; see related GitHub security post
Enables concurrency in ci.yml; see related docs, this allows a subsequently queued workflow run to interrupt previous runs in PRs
This PR:
persist-credentials
to false, they are not used after the initial checkoutconcurrency
inci.yml
; see related docs, this allows a subsequently queued workflow run to interrupt previous runs in PRs