From 9103f24b6188d4e8a4388d1cb78990b874181756 Mon Sep 17 00:00:00 2001
From: wolfy1339
Date: Wed, 29 Oct 2025 15:47:04 -0400
Subject: [PATCH 1/2] maint: update documentation deploy process

---
 .github/workflows/release.yml | 38 ++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6a6a57f47..807a0d6b7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,18 +6,18 @@ name: Release
       - next
       - beta
       - "*.x"
-# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
-permissions:
-  contents: write # to be able to publish a GitHub release
-  issues: write # to be able to comment on released issues
-  pull-requests: write # to be able to comment on released pull requests
-  id-token: write # to enable use of OIDC for npm provenance
 jobs:
   release:
     if: github.repository_owner == 'octokit'
     name: release
     runs-on: ubuntu-latest
+    # These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
     steps:
       - uses: actions/create-github-app-token@v2
         id: app-token
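Review bot: Deleting the workflow-level `permissions:` block (the six `-` lines in this hunk) means any job in this file that does not declare its own block falls back to the repository's default GITHUB_TOKEN permissions, which on older repositories is read/write across the board rather than read-only. Scoping the write grants down to the `release` job is the right direction, but keep a restrictive floor where the removed block was, `permissions: {}`, so every job-level block is an explicit escalation instead of a silent fallback. The `on:`/`push:` mapping that owns the `- next`/`- beta`/`- "*.x"` context lines starts above this hunk.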
@@ -35,8 +35,26 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           NPM_TOKEN: ${{ secrets.OCTOKITBOT_NPM_TOKEN }}
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
       - run: npm run docs
-      - uses: maxheld83/ghpages@master
-        env:
-          BUILD_DIR: docs/
-          GH_PAT: ${{ steps.app-token.outputs.token }}
+      - name: Upload static files as artifact
+        id: deployment
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: docs/
+  deploy:
+    permissions:
+      pages: write # to deploy to Pages
+      id-token: write # to verify the deployment originates from an appropriate source
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: docs
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

From 98ad29b1a985c340fd48f4d7818fc119eb511417 Mon Sep 17 00:00:00 2001
From: wolfy1339 <4595477+wolfy1339@users.noreply.github.com>
Date: Wed, 29 Oct 2025 15:50:45 -0400
Subject: [PATCH 2/2] Potential fix for code scanning alert no. 9: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 807a0d6b7..16cba21ca 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,6 +37,8 @@ jobs:
           NPM_TOKEN: ${{ secrets.OCTOKITBOT_NPM_TOKEN }}
 
   docs:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - run: npm run docs
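Review bot: The new `docs` job's first step is the carried-over `- run: npm run docs` (the context line directly under the added `steps:`), with no checkout and no dependency install, so it runs in an empty workspace; steps from the `release` job are not shared across jobs, so its checkout/install (outside this hunk) does not help. Put `- uses: actions/checkout@v4` and `- run: npm ci` ahead of it, matching whatever versions the release job already uses. Separately, the workflow triggers on `next`, `beta` and `*.x` as well as `main` (see the hunk above), and neither `docs` nor `deploy` carries the `if: github.repository_owner == 'octokit'` guard that `release` has nor any branch condition, so a push to a maintenance branch republishes the single `github-pages` environment and forks with Pages enabled will attempt a deploy; gate `deploy` with `if: github.repository_owner == 'octokit' && github.ref == 'refs/heads/main'`. Replacing `maxheld83/ghpages@master` plus a PAT with OIDC-backed `actions/deploy-pages` is a clear improvement; pinning `actions/upload-pages-artifact@v4` and `actions/deploy-pages@v4` to commit SHAs would close the remaining mutable-tag exposure for a job that holds `id-token: write`.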