# Adapted from
# https://github.com/woodruffw/gha-hazmat/blob/main/.github/workflows/hardcoded-credentials.yml
on:
push:
branches:
- master
workflow_dispatch:
name: hardcoded-credentials
permissions: {}
jobs:
test:
name: test
runs-on: ubuntu-latest
container:
image: fake.example.com/example
credentials:
username: user
password: hackme
steps:
- run: echo 'vulnerable!'