actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-12-26 17:12:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

📝Fix a typo in "privileges" @ README
Some checks failed
🏗️ / smoke-test (push) Has been cancelled
Details
🏗️ / build-and-push (push) Has been cancelled
Details

Browse source
This commit is contained in:
Sviatoslav Sydorenko 2024-12-07 05:17:14 +01:00
parent 7252a9a09c
commit cbd6d01d85
No known key found for this signature in database
GPG key ID: 9345E8FEA89CA455
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -212,7 +212,7 @@ Invoking `pypi-publish` from composite actions is unsupported. It is not
tested. GitHub Runners have limitations and bugs in this case. But more
importantly, this is usually an indication of using it insecurely. When
using [Trusted Publishing][trusted publisher], it is imperative to keep
build machinery invocation in a separate job with restrictive priviliges
build machinery invocation in a separate job with restrictive privileges
as [Trusted Publishing][trusted publisher] itself requires elevated
permissions to make use of OIDC. Our observation is that the users
sometimes create in-project composite actions that invoke building and