Exclude the `.git` directory by default by joshmgross · Pull Request #599 · actions/upload-artifact (original) (raw)

This is an alternative approach to #598 targeting just the .git directory.

We want to ensure this action is safe by default and users can't accidentally upload their Git credentials into an artifact that can then be exfiltrated.

This is still a breaking change, but less impactful than #598.

Users can opt out of this change by setting the newly added include-git-directory input.

Exclude the .git directory by default by joshmgross · Pull Request #599 · actions/upload-artifact (original) (raw)

Exclude the `.git` directory by default by joshmgross · Pull Request #599 · actions/upload-artifact (original) (raw)