docs(config): avoid over-exposing GITHUB_TOKEN (#332)

The GITHUB_TOKEN in this example _should_ be just read-only token but in any case secrets should not be exposed to code that does not need them. In this case pip does not need to authenticate to GitHub.
TheKevJames · Nov 3, 2021 · f5ebce6 · f5ebce6
1 parent 582b6ac
commit f5ebce6
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/usage/configuration.rst b/docs/usage/configuration.rst
@@ -121,10 +121,10 @@ parallel build is finished::
         runs-on: ubuntu-latest
         container: python:3-slim
         steps:
+        - name: Install coveralls
+          run: pip3 install --upgrade coveralls
         - name: Finished
-          run: |
-            pip3 install --upgrade coveralls
-            coveralls --service=github --finish
+          run: coveralls --service=github --finish
           env:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}