On Wed, Jan 6, 2021, 8:13 AM Matt Sicker <boa...@gmail.com> wrote: > Website builds are handled by a specific deployment script that > doesn't necessarily need to give write access to GitHub Actions or > other builds. Unless you're talking about generating a static site and > committing it to git and then having it published? Which is also > somewhat supported for website builds. >
If we ban persisted credentials in the checkout action it becomes very hard to commit the static website build. My example is what triggered this whole conversation about how they are persisted because this is how it works for us today, which I guess was not common knowledge.
