mirror of
https://gitcode.com/gh_mirrors/gh/gh-action-pypi-publish.git
synced 2026-07-02 10:25:13 +00:00
📝Fix a typo in "privileges" @ README
This commit is contained in:
@@ -212,7 +212,7 @@ Invoking `pypi-publish` from composite actions is unsupported. It is not
|
||||
tested. GitHub Runners have limitations and bugs in this case. But more
|
||||
importantly, this is usually an indication of using it insecurely. When
|
||||
using [Trusted Publishing][trusted publisher], it is imperative to keep
|
||||
build machinery invocation in a separate job with restrictive priviliges
|
||||
build machinery invocation in a separate job with restrictive privileges
|
||||
as [Trusted Publishing][trusted publisher] itself requires elevated
|
||||
permissions to make use of OIDC. Our observation is that the users
|
||||
sometimes create in-project composite actions that invoke building and
|
||||
|
||||
Reference in New Issue
Block a user