ci(backport): Update CI permissions changes #4619
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docs | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
- release/v* | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
build: | |
name: Build docs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Install Python dependencies | |
run: | | |
python -m pip install uv | |
uv pip install --system --upgrade pip setuptools wheel | |
uv pip --quiet install --system --upgrade ".[docs,test]" | |
uv pip install --system yq | |
python -m pip list | |
- name: Install apt-get dependencies | |
run: | | |
sudo apt-get update | |
# Ubuntu 22.04's pandoc is too old (2.9.2.x), so install manually | |
# until the ubuntu-latest updates. | |
curl --silent --location --remote-name https://github.com/jgm/pandoc/releases/download/3.1.6.2/pandoc-3.1.6.2-1-amd64.deb | |
sudo apt-get install ./pandoc-*amd64.deb | |
- name: Check docstrings | |
run: | | |
# Group 1 is related to docstrings | |
pydocstyle --select D1 src/pyhf/pdf.py \ | |
src/pyhf/workspace.py \ | |
src/pyhf/probability.py \ | |
src/pyhf/patchset.py \ | |
src/pyhf/compat.py \ | |
src/pyhf/interpolators \ | |
src/pyhf/infer \ | |
src/pyhf/optimize \ | |
src/pyhf/contrib \ | |
src/pyhf/cli | |
- name: Verify CITATION.cff schema | |
run: | | |
jsonschema <(curl -sL "https://citation-file-format.github.io/1.2.0/schema.json") --instance <(cat CITATION.cff | yq) | |
- name: Check for broken links | |
run: | | |
pushd docs | |
make linkcheck | |
# Don't ship the linkcheck | |
rm -r _build/linkcheck | |
popd | |
- name: Test and build docs | |
run: | | |
python -m doctest README.rst | |
pushd docs | |
make html | |
- name: Check schemas are copied over | |
run: | | |
# is a directory | |
[ -d "docs/_build/html/schemas" ] | |
# is not a symlink | |
[ ! -L "docs/_build/html/schemas" ] | |
# is not empty | |
[ "$(ls -A docs/_build/html/schemas)" ] | |
# is not empty | |
[ "$(ls -A docs/_build/html/lite)" ] | |
- name: Fix permissions if needed | |
run: | | |
chmod -c -R +rX "docs/_build/html/" | while read line; do | |
echo "::warning title=Invalid file permissions automatically fixed::$line" | |
done | |
- name: Upload artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: 'docs/_build/html' | |
deploy: | |
name: Deploy docs to GitHub Pages | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
needs: build | |
# Set permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup Pages | |
uses: actions/configure-pages@v5 | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 |