Octomerger Bot
@@ -326,14 +326,36 @@ When adding a new article, make sure the filename is a [kebab-cased](https://en.
|
||||
|
||||
## Whitespace control
|
||||
|
||||
When using Liquid conditionals in lists or tables, you can use [whitespace control](https://shopify.github.io/liquid/basics/whitespace/) characters to prevent the addition of newlines that would break the list or table rendering.
|
||||
When using Liquid conditionals in lists or tables, you can use [whitespace control](https://shopify.github.io/liquid/basics/whitespace/) characters to prevent the addition of newlines and other whitespace that would break the list or table rendering.
|
||||
|
||||
Just add a hyphen on either the left, right, or both sides to indicate that there should be no newline on that side. For example, this statement removes a newline on the left side:
|
||||
You can add a hyphen (`-`) on either the left, right, or both sides to indicate that there should be no newline or other whitespace on that side.
|
||||
|
||||
```
|
||||
{%- ifversion fpt %}
|
||||
```
|
||||
|
||||
For example, to version a table row, instead of adding liquid versioning for the row starting at the end of the previous row, like this:
|
||||
|
||||
```
|
||||
Column A | Column B | Column C
|
||||
---------|----------|---------
|
||||
This row is for all versions | B1 | C1{% ifversion ghes %}
|
||||
This row is for GHES only | B2 | C2{% endif %}
|
||||
This row is for all versions | B3 | C3
|
||||
```
|
||||
|
||||
You can include the liquid versioning on its own line and use whitespace control to strip the newline to the left of the liquid tag. This makes reading the source much easier, without breaking the rendering of the table:
|
||||
|
||||
```
|
||||
Column A | Column B | Column C
|
||||
---------|----------|---------
|
||||
This row is for all versions | B1 | C1
|
||||
{%- ifversion ghes %}
|
||||
This row is for GHES only | B2 | C2
|
||||
{%- endif %}
|
||||
This row is for all versions | B3 | C3
|
||||
```
|
||||
|
||||
## Links
|
||||
|
||||
Links to docs in the `docs-internal` repository must start with a product ID (like `/actions` or `/admin`) and contain the entire filepath, but not the file extension. For example, `/actions/creating-actions/about-custom-actions`.
|
||||
|
||||
@@ -215,6 +215,12 @@ For more information on how to configure this setting, see {% ifversion allow-ac
|
||||
|
||||
These sections consider some of the steps an attacker can take if they're able to run malicious commands on a {% data variables.product.prodname_actions %} runner.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_dotcom %}-hosted runners do not scan for malicious code downloaded by a user during their job, such as a compromised third party library.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Accessing secrets
|
||||
|
||||
Workflows triggered using the `pull_request` event have read-only permissions and have no access to secrets. However, these permissions differ for various event triggers such as `issue_comment`, `issues` and `push`, where the attacker could attempt to steal repository secrets or use the write permission of the job's [`GITHUB_TOKEN`](/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token).
|
||||
|
||||
Reference in New Issue
Block a user