From 7de43f6a91de1ba702babb0d0c79129989b12b35 Mon Sep 17 00:00:00 2001 From: ChrisRackauckas-Claude Date: Sat, 20 Jun 2026 13:26:57 -0400 Subject: [PATCH] docs CI: fix gh-pages deploy by granting GITHUB_TOKEN write permissions The Documentation workflow build passes but the deploydocs gh-pages push fails. The job injected DOCUMENTER_KEY, forcing Documenter onto the SSH deploy path (git@github.com), which fails with "Permission denied (publickey)" because the key is missing/invalid. The job also lacked a permissions: block, leaving GITHUB_TOKEN read-only and unable to push. Fix: - Add permissions: { actions: write, contents: write, statuses: write } to the build-and-deploy job (mirrors the proven SciML OrdinaryDiffEqOperatorSplitting.jl #90 pattern). - Drop the DOCUMENTER_KEY env from the build step. With no DOCUMENTER_KEY present, Documenter's deploydocs auto-uses GITHUB_TOKEN over HTTPS, which the contents: write permission now authorizes to push gh-pages. No secret required. Co-Authored-By: Chris Rackauckas Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/Documentation.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml index 5ef9d54ec..221765c14 100644 --- a/.github/workflows/Documentation.yml +++ b/.github/workflows/Documentation.yml @@ -18,6 +18,10 @@ jobs: name: "Documentation" runs-on: [self-hosted, gpu-v100] timeout-minutes: 360 + permissions: + actions: write + contents: write + statuses: write if: github.event_name == 'push' || !github.event.pull_request.draft steps: - uses: actions/checkout@v6 @@ -38,6 +42,5 @@ jobs: run: julia --color=yes --project=docs docs/make.jl env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DOCUMENTER_KEY: ${{ secrets.DOCUMENTER_KEY }} DATADEPS_ALWAYS_ACCEPT: true JULIA_DEBUG: "Documenter"