r-lib · gaborcsardi · Aug 2, 2024 · Jul 2, 2024 · Jul 2, 2024 · Jul 3, 2024
diff --git a/NEWS.md b/NEWS.md
@@ -14,6 +14,10 @@
   unchanged, on all R versions. To avoid using a P3M snapshot on R 3.6.x,
   set the `RSPM_PIN_3_6` environment variable to `false`.
 
+* Example blogdown, bookdown, document, pr-commands and render-markdown
+  workflows now correctly have write permission to repository contents
+  (#874, @remlapmot).
+
 * `[check-r-package]`: you can now set`upload-snapshots` to `always`, to
   upload snapshots even after failures (#871).
 

diff --git a/examples/README.md b/examples/README.md
@@ -417,13 +417,17 @@ name: pr-commands.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   document:
     if: ${{ github.event.issue.pull_request && (github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER') && startsWith(github.event.comment.body, '/document') }}
     name: document
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 
@@ -461,6 +465,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 
@@ -509,11 +515,15 @@ name: render-rmarkdown.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   render-rmarkdown:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -630,11 +640,15 @@ name: document.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   document:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -684,6 +698,8 @@ name: style.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   style:
     runs-on: ubuntu-latest
@@ -791,6 +807,8 @@ name: bookdown.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   bookdown:
     runs-on: ubuntu-latest
@@ -799,6 +817,8 @@ jobs:
       group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 
@@ -942,6 +962,8 @@ name: blogdown.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   blogdown:
     runs-on: ubuntu-latest
@@ -950,6 +972,8 @@ jobs:
       group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 
@@ -1086,6 +1110,8 @@ name: shiny-deploy.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   shiny-deploy:
     runs-on: ubuntu-latest
@@ -1164,6 +1190,8 @@ name: lint-project.yaml
 
 permissions: read-all
 
+permissions: read-all
+
 jobs:
   lint-project:
     runs-on: ubuntu-latest

diff --git a/examples/blogdown.yaml b/examples/blogdown.yaml
@@ -19,6 +19,8 @@ jobs:
       group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 

diff --git a/examples/bookdown.yaml b/examples/bookdown.yaml
@@ -19,6 +19,8 @@ jobs:
       group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 

diff --git a/examples/document.yaml b/examples/document.yaml
@@ -13,6 +13,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4

diff --git a/examples/pr-commands.yaml b/examples/pr-commands.yaml
@@ -15,6 +15,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 
@@ -52,6 +54,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
 

diff --git a/examples/render-rmarkdown.yaml b/examples/render-rmarkdown.yaml
@@ -13,6 +13,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4