mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-11 11:59:55 -05:00
* [AI] Replace archived check-spelling action with typos for docs spell-check The check-spelling/check-spelling action was archived upstream and shipped a self-disabling "secpoll" kill-switch after a maintainer-account compromise (2026-06-16), causing the Check Spelling (Docs) workflow to fail fatally with a security-advisory error. There is no patched release to bump to. Replace it with crate-ci/typos, which is actively maintained and runs entirely from the checked-out tree (no PR-comment or bot-apply machinery, so the workflow only needs contents: read): - Rewrite .github/workflows/docs-spelling.yml to run crate-ci/typos, dropping the check-spelling comment/apply jobs and the pull_request_target trigger. - Replace the check-spelling config files with typos.toml: scope to packages/docs, exclude auto-generated release notes and binary assets, and allowlist words typos otherwise mis-flags (HSA, Lage/lage, BA). - Fix genuine typos surfaced in current docs (schedules.md, paying-in-full.md). - Update the contributing guide and docs-writing skill to describe the new allowlist location. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1 * [AI] Add docs-spelling release note and format README Fix the remaining CI checks on the spell-check migration: - Add upcoming-release-notes/8249.md (Maintenance) so the "Release notes" check passes. - Reformat .github/actions/docs-spelling/README.md with oxfmt so the lint ("Test") and autofix.ci checks pass (autofix.ci is not permitted to modify files under .github, so the formatting has to be committed directly). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1 * [AI] Disable credential persistence in docs-spelling checkout Address the code-scanning (zizmor) and CodeRabbit review finding: the read-only spell-check job performs no authenticated git operations, so set persist-credentials: false on actions/checkout as a hardening measure. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01DstzjPjGYdWMCG4jsrH6a1 --------- Co-authored-by: Claude <noreply@anthropic.com>