From 7581aa85843b5039d27b36d6f63e743b8ceaa82a Mon Sep 17 00:00:00 2001 From: Mo Sattler Date: Fri, 15 Jan 2021 16:35:05 +0100 Subject: [PATCH] docs: fix a typo in github-actions.md (#1735) --- docs/recipes/github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/recipes/github-actions.md b/docs/recipes/github-actions.md index 65f3382f..1f420820 100644 --- a/docs/recipes/github-actions.md +++ b/docs/recipes/github-actions.md 
@@ -50,7 +50,7 @@ To keep `package.json` updated in the `master` branch, [`@semantic-release/git`] **Note**: Automatically populated `GITHUB_TOKEN` cannot be used if branch protection is enabled for the target branch. It is **not** advised to mitigate this limitation by overriding an automatically populated `GITHUB_TOKEN` variable with a [Personal Access Tokens](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line), as it poses a security risk. Since Secret Variables are available for Workflows triggered by any branch, it becomes a potential vector of attack, where a Workflow triggered from a non-protected branch can expose and use a token with elevated permissions, yielding branch protection insignificant. One can use Personal Access Tokens in trusted environments, where all developers should have the ability to perform administrative actions in the given repository and branch protection is enabled solely for convenience purposes, to remind about required reviews or CI checks. -If the risk is acceptible, some extra configuration is needed. The [actions/checkout `persist-credentials`](https://github.com/marketplace/actions/checkout#usage) option needs to be `false`, otherwise the generated `GITHUB_TOKEN` will interfere with the custom one. Example: +If the risk is acceptable, some extra configuration is needed. The [actions/checkout `persist-credentials`](https://github.com/marketplace/actions/checkout#usage) option needs to be `false`, otherwise the generated `GITHUB_TOKEN` will interfere with the custom one. Example: ```yaml - name: Checkout
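Review bot: the **Note** paragraph in the unchanged context directly above the changed line still has two wording errors that this typo fix could also cover. "with a [Personal Access Tokens]" pairs a singular article with plural link text, and "yielding branch protection insignificant" should read "rendering branch protection insignificant". In the changed line itself, "If the risk is acceptable" would be clearer if it pointed back to the trusted-environment condition stated just before it. As worded, a reader can take `persist-credentials: false` for a mitigation of the token exposure the note describes, when the sentence only says it keeps the generated `GITHUB_TOKEN` from interfering with the custom one.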