From 971c146693b24f56f40f26904e7e550cf96b8fce Mon Sep 17 00:00:00 2001
From: Gautam Krishna R <r.gautamkrishna@gmail.com>
Date: Thu, 22 Feb 2024 22:06:25 +0530
Subject: [PATCH] updated with best practices

---
 README.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c1fad04..c5432bc 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,6 @@ This will keep the cronjob trigger active so that it will run indefinitely witho
 There are three ways you can consume this library in your GitHub actions
 ### Dummy Commit Keepalive Workflow (For GitHub Actions users)
 You can just include the library as a step after one of your favorite GitHub actions. Your workflow file should have the checkout action defined in one of your steps since this library needs git CLI to work.
-
 ```yaml
 name: Github Action with a cronjob trigger
 on:
@@ -33,6 +32,34 @@ jobs:
       # - step n, use it as the last step
       - uses: gautamkrishnar/keepalive-workflow@v1 # using the workflow with default settings
 ```
+
+Moving the keepalive workflow into its own distinct job is strongly recommended for better security. For example:
+```yaml
+name: Github Action with a cronjob trigger
+on:
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  main-job:
+    name: Main Job
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # - step1
+      # - step 2
+      # - Step N
+  keepalive-job:
+    name: Keepalive Workflow
+    if: ${{ always() }}
+    needs: main-job
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gautamkrishnar/keepalive-workflow@v1
+```
+
 <details>
   <summary>Let's take an example of [Waka Readme](https://github.com/athul/waka-readme)</summary>
 
@@ -79,6 +106,33 @@ jobs:
           use_api: true
 ```
 
+Moving the keepalive workflow into its own distinct job is strongly recommended here as well, for better security:
+```yaml
+name: Github Action with a cronjob trigger
+on:
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  main-job:
+    name: Main Job
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # - step1
+      # - step 2
+      # - Step N
+  keepalive-job:
+    name: Keepalive Workflow
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gautamkrishnar/keepalive-workflow@v1
+        with:
+          use_api: true
+```
+
 ### Using via NPM (For GitHub Actions developers)
 For developers creating GitHub actions, you can consume the library in your javascript-based GitHub action by installing it from [NPM](https://www.npmjs.com/package/keepalive-workflow). Make sure that your GitHub action uses checkout action since this library needs it as a dependency.
 You can also ask your users to include it as an additional step as mentioned in the first part.