Update security settings on the new GitHub Action

NWilson · NWilson · commit 0880a6c33a51 · 2025-02-23T21:53:19.000Z
diff --git a/.github/workflows/syncpages.yml b/.github/workflows/syncpages.yml
@@ -1,34 +1,36 @@
-name: Sync doc changes
-on:
-  workflow_dispatch:
-  push:
-    branches: [ master ]
-
-permissions:
-  contents: write
-
-jobs:
-  sync-docs:
-    name: Sync content from master to pages
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          submodules: false
-          fetch-depth: 0 # Necessary to get both the master and pages branches
-          fetch-tags: false
-          ref: pages
-
-      - name: Commit and push, if docs have changed
-        run: |
-          if ! git diff origin/master -- ./doc ./AUTHORS.md ./LICENCE.md ./SECURITY.md \
-                                         ./README ./NON-AUTOTOOLS-BUILD >/dev/null ; then
-            # Differences from master: merge and push
-            git config user.name "github-actions[bot]"
-            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-            git merge origin/master --no-edit -m"Sync content from master to pages"
-            git push
-          else
-            echo "No content changes to sync"
+name: Sync doc changes
+on:
+  workflow_dispatch:
+  push:
+    branches: [ master ]
+
+permissions:
+  contents: read
+
+jobs:
+  sync-docs:
+    name: Sync content from master to pages
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: false
+          fetch-depth: 0 # Necessary to get both the master and pages branches
+          fetch-tags: false
+          ref: pages
+
+      - name: Commit and push, if docs have changed
+        run: |
+          if ! git diff origin/master -- ./doc ./AUTHORS.md ./LICENCE.md ./SECURITY.md \
+                                         ./README ./NON-AUTOTOOLS-BUILD >/dev/null ; then
+            # Differences from master: merge and push
+            git config user.name "github-actions[bot]"
+            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git merge origin/master --no-edit -m"Sync content from master to pages"
+            git push
+          else
+            echo "No content changes to sync"
           fi
