TL;DR

Currently, the credentials are generated inside the github workspace, often the root of the repository. If we auth before running code scanners like Sonarqube or CodeQL, they will flag the cred file as it was part of the code. Ideally, for those cases, having the ability to choose somewhere else, like /tmp/ to store the creds would be a big help. Currently, I have an additional step just to move the file and recreate the env vars the action sets.

Detailed design

The proposal would be something like:

jobs:
 job_id:
   steps:
   - uses: 'actions/checkout@v4'
   - uses: 'google-github-actions/auth@v3'
     with:
       credentials_file_path: /custom/path/for/the/credential.file

Basically, reusing the output name as input as well.

Additional information

No response