documentation.yml: set permissions (contents: write) in the reusable (fix docs-deploy at the source)#102
Merged
ChrisRackauckas merged 1 commit intoJun 21, 2026
Conversation
…so consumers don't each need it The reusable docs workflow deploys to gh-pages via GITHUB_TOKEN (when no DOCUMENTER_KEY), which requires `contents: write`. It declared no permissions, so every consumer's caller job had to grant write itself — and the CI centralization migration dropped those per-repo blocks, 403'ing the gh-pages push across many repos. Setting the permissions here fixes all consumers at the source (no per-repo permissions blocks needed) once v1 is retagged. Co-Authored-By: Chris Rackauckas <accounts@chrisrackauckas.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This was referenced Jun 21, 2026
ChrisRackauckas-Claude
pushed a commit
to ChrisRackauckas-Claude/ColPrac
that referenced
this pull request
Jun 21, 2026
The centralized documentation.yml reusable now sets permissions: contents:write (SciML/.github#102), so this repo's caller no longer needs its own permissions block. Merge ONLY after #102 is merged and v1 is retagged (otherwise the gh-pages deploy 403s again in the gap). Co-Authored-By: Chris Rackauckas <accounts@chrisrackauckas.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ChrisRackauckas-Claude
pushed a commit
to ChrisRackauckas-Claude/Evolutionary.jl
that referenced
this pull request
Jun 21, 2026
The centralized documentation.yml reusable now sets permissions: contents:write (SciML/.github#102), so this repo's caller no longer needs its own permissions block. Merge ONLY after SciML#102 is merged and v1 is retagged (otherwise the gh-pages deploy 403s again in the gap). Co-Authored-By: Chris Rackauckas <accounts@chrisrackauckas.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ChrisRackauckas
added a commit
to SciML/ColPrac
that referenced
this pull request
Jun 21, 2026
…) (#53) The centralized documentation.yml reusable now sets permissions: contents:write (SciML/.github#102), so this repo's caller no longer needs its own permissions block. Merge ONLY after #102 is merged and v1 is retagged (otherwise the gh-pages deploy 403s again in the gap). Co-authored-by: ChrisRackauckas-Claude <accounts@chrisrackauckas.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ChrisRackauckas
added a commit
to SciML/Evolutionary.jl
that referenced
this pull request
Jun 21, 2026
…) (#149) The centralized documentation.yml reusable now sets permissions: contents:write (SciML/.github#102), so this repo's caller no longer needs its own permissions block. Merge ONLY after #102 is merged and v1 is retagged (otherwise the gh-pages deploy 403s again in the gap). Co-authored-by: ChrisRackauckas-Claude <accounts@chrisrackauckas.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ChrisRackauckas-Claude
pushed a commit
to ChrisRackauckas-Claude/OrdinaryDiffEqOperatorSplitting.jl
that referenced
this pull request
Jun 21, 2026
…by .github#102) The per-repo Documentation.yml permissions block this PR added is superseded by SciML/.github#102 (which sets it in the reusable). Drop it here and keep only the real remaining fix: the `disptach`->`dispatch` typo in src/integrator.jl that the Spell Check still flags on master. Co-Authored-By: Chris Rackauckas <accounts@chrisrackauckas.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Per @ChrisRackauckas: fix the docs-deploy gh-pages 403 centrally instead of per-repo.
The reusable
documentation.ymldeploys viaGITHUB_TOKEN(when noDOCUMENTER_KEY), which needscontents: write. It declared nopermissions:, so each consumer's caller job had to grant write — and the CI-centralization migration dropped those per-repo blocks, 403'ing gh-pages across many repos (CatalystNetworkAnalysis, ColPrac, Evolutionary, PDEBase, SparseColumnPivotedQR, OrdinaryDiffEqOperatorSplitting, …).This adds a workflow-level
permissions: {contents: write, actions: write, statuses: write}to the reusable, so all consumers get it without per-repo blocks. Mirrors the grant that the per-caller fix (OrdinaryDiffEqOperatorSplitting #90, verified → Documentation green) used — just moved to the source.Needs a
v1retag to take effect. Once retagged, the ~6 per-repopermissions-block PRs I opened can be closed as superseded.Please ignore until reviewed by @ChrisRackauckas.