From ea4fa8fed85fb2e0da9cad53eb40b75ba12648cd Mon Sep 17 00:00:00 2001
From: "Chris Rackauckas (via Claude)" <accounts@chrisrackauckas.com>
Date: Sat, 20 Jun 2026 13:26:43 -0400
Subject: [PATCH] Fix docs-deploy: add permissions block to Documentation
 caller job

The CI-centralization migration (centralizing on the SciML reusable
`documentation.yml@v1`) dropped the `permissions:` block from the
`.github/workflows/Documentation.yml` caller job. The reusable workflow
declares no permissions of its own and deploys via
`GITHUB_TOKEN: ${{ inputs.github-token || secrets.GITHUB_TOKEN }}`, so
the caller job's permissions flow through to the token. Without the
block the token is read-only and Documenter's `deploydocs` cannot push
to gh-pages (403 / permission denied).

Add `actions: write`, `contents: write`, `statuses: write` to the
caller job, mirroring the proven fix in
SciML/OrdinaryDiffEqOperatorSplitting.jl#90.

Co-Authored-By: Chris Rackauckas <accounts@chrisrackauckas.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .github/workflows/Documentation.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/Documentation.yml b/.github/workflows/Documentation.yml
index 7ee6d63..fe96a04 100644
--- a/.github/workflows/Documentation.yml
+++ b/.github/workflows/Documentation.yml
@@ -9,5 +9,9 @@ on:
 
 jobs:
   build:
+    permissions:
+      actions: write
+      contents: write
+      statuses: write
     uses: "SciML/.github/.github/workflows/documentation.yml@v1"
     secrets: "inherit"