ci: restrict write permissions to job scope in deploy-docs workflow (… #2

	name: Deploy Documentation

	on:
	push:
	branches:
	- master
	paths:
	- 'docs/**' # Trigger only when the source docs files are modified

	permissions:
	contents: read

	jobs:
	build_and_deploy:
	permissions:
	contents: write # for peaceiris/actions-gh-pages to push pages branch
	name: Build and deploy documentation
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install sphinx sphinx_rtd_theme
	- name: Build documentation
	run: python -m sphinx docs build
	- name: Deploy to GitHub Pages
	uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.2
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	publish_branch: gh-pages
	publish_dir: build
	force_orphan: true

Provide feedback