Commit

WIP
AlekSi committed Jan 29, 2022
1 parent 8d24e59 commit 1249677
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/docker.yml
@@ -13,14 +13,14 @@
# It also has minimal permissions.
# * We publish Docker images from PRs as a separate package that should not be run by users.
# * We limit what third-party actions can be used.

#
# We also tried a different approach: build Docker image in one normal, secure `pull_request` workflow,
# upload artifact, and the download and publish in another workflow that has access to secrets, but treats
# upload artifact, and then download and publish it in another workflow that has access to secrets, but treats
# artifact as passive data. We use buildx for building multi-platform images, and there is a way to export
# multi-platform OCI tarball: https://docs.docker.com/engine/reference/commandline/buildx_build/#output
# Unfortunately, it seems that there is no way to import that tarball in another workflow and publish it
# as a Docker image, as strange as it sounds: https://github.com/docker/buildx/issues/186

#
# Relevant GitHub documentation is scattered. The first article gives a good overview:
# * https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# * https://docs.github.com/en/actions/security-guides/automatic-token-authentication
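Review bot: the line `# artifact as passive data` still reads "treats artifact as passive data"; suggest "treats the artifact as passive data" so it matches the corrected sentence directly above it. Replacing the two blank lines with bare `#` lines is a good call, since it keeps the whole security rationale as one contiguous comment block. Also, the commit message "WIP" says nothing about what changed; a one-line summary such as "docker.yml: fix wording in workflow security comments" would help anyone reading the history of this file later.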
