Files
actual/packages/docs/docs/budgeting
Matiss Janis Aboltins e5747b2f2a [AI] Replace archived check-spelling action with typos for docs spell-check (#8249)
* [AI] Replace archived check-spelling action with typos for docs spell-check

The check-spelling/check-spelling action was archived upstream and shipped a
self-disabling "secpoll" kill-switch after a maintainer-account compromise
(2026-06-16), causing the Check Spelling (Docs) workflow to fail fatally with
a security-advisory error. There is no patched release to bump to.

Replace it with crate-ci/typos, which is actively maintained and runs entirely
from the checked-out tree (no PR-comment or bot-apply machinery, so the workflow
only needs contents: read):

- Rewrite .github/workflows/docs-spelling.yml to run crate-ci/typos, dropping
  the check-spelling comment/apply jobs and the pull_request_target trigger.
- Replace the check-spelling config files with typos.toml: scope to
  packages/docs, exclude auto-generated release notes and binary assets, and
  allowlist words typos otherwise mis-flags (HSA, Lage/lage, BA).
- Fix genuine typos surfaced in current docs (schedules.md, paying-in-full.md).
- Update the contributing guide and docs-writing skill to describe the new
  allowlist location.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1

* [AI] Add docs-spelling release note and format README

Fix the remaining CI checks on the spell-check migration:

- Add upcoming-release-notes/8249.md (Maintenance) so the "Release notes"
  check passes.
- Reformat .github/actions/docs-spelling/README.md with oxfmt so the lint
  ("Test") and autofix.ci checks pass (autofix.ci is not permitted to modify
  files under .github, so the formatting has to be committed directly).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1

* [AI] Disable credential persistence in docs-spelling checkout

Address the code-scanning (zizmor) and CodeRabbit review finding: the
read-only spell-check job performs no authenticated git operations, so set
persist-credentials: false on actions/checkout as a hardening measure.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-06-17 19:19:13 +00:00
..