File tree Expand file tree Collapse file tree 1 file changed +12
-0
lines changed Expand file tree Collapse file tree 1 file changed +12
-0
lines changed Original file line number Diff line number Diff line change @@ -60,6 +60,8 @@ concurrency:
6060 group : ${{ github.workflow }}-${{ github.ref }}
6161 cancel-in-progress : true
6262
63+ permissions : {}
64+
6365jobs :
6466 sphinx-changes :
6567 runs-on : ubuntu-latest
@@ -113,6 +115,8 @@ jobs:
113115 runs-on : ubuntu-latest
114116 needs : [sphinx-version]
115117 if : ${{ (contains(fromJSON('["push", "release"]'), github.event_name)) || (needs.sphinx-changes.outputs.changes == 'true') }}
118+ permissions :
119+ contents : read
116120 steps :
117121 - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
118122 with :
@@ -136,9 +140,13 @@ jobs:
136140 if : ${{ (contains(fromJSON('["push", "release"]'), github.event_name)) }}
137141 runs-on : ubuntu-latest
138142 needs : [sphinx-version, sphinx-build]
143+ permissions :
144+ contents : read
139145 steps :
140146 - name : Checkout code
141147 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
148+ with :
149+ sparse-checkout : .github
142150
143151 - name : Download HTML artifacts
144152 uses : actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
@@ -158,8 +166,12 @@ jobs:
158166 if : ${{ github.event_name == 'release' }}
159167 runs-on : ubuntu-latest
160168 needs : [sphinx-version, sphinx-build, sphinx-deploy-html]
169+ permissions :
170+ contents : read
161171 steps :
162172 - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
173+ with :
174+ sparse-checkout : .github
163175 - shell : python
164176 run : |
165177 import os
You can’t perform that action at this time.
0 commit comments