From 18571b083edc80d4015dbbb96bfa04236e836e03 Mon Sep 17 00:00:00 2001 From: ChrisRackauckas-Claude Date: Sat, 20 Jun 2026 21:48:11 -0400 Subject: [PATCH] documentation.yml: set permissions (contents: write) in the reusable so consumers don't each need it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The reusable docs workflow deploys to gh-pages via GITHUB_TOKEN (when no DOCUMENTER_KEY), which requires `contents: write`. It declared no permissions, so every consumer's caller job had to grant write itself — and the CI centralization migration dropped those per-repo blocks, 403'ing the gh-pages push across many repos. Setting the permissions here fixes all consumers at the source (no per-repo permissions blocks needed) once v1 is retagged. Co-Authored-By: Chris Rackauckas Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/documentation.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 50040db..3eac228 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -56,6 +56,15 @@ on: required: false type: boolean +# `deploydocs` pushes to gh-pages via GITHUB_TOKEN (when no DOCUMENTER_KEY), which +# needs `contents: write`. Set it here in the reusable so consumer caller jobs don't +# each have to grant it (the prior per-repo permissions blocks dropped in the CI +# centralization migration were the symptom; this is the fix at the source). +permissions: + actions: write + contents: write + statuses: write + jobs: tests: name: "Build and Deploy Documentation"