Merged
5 changes: 5 additions & 0 deletions .github/workflows/docs.yml
Expand Up @@ -10,6 +10,7 @@ permissions:
contents: read
pages: write
id-token: write
administration: write

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

GitHub Actions workflow syntax: is administration a supported key under top-level permissions? Please list the currently supported permission keys from official docs.

💡 Result:

No, administration is not a supported key under the top-level permissions key in GitHub Actions workflow syntax. The supported permission keys, as listed in the official GitHub documentation for workflow syntax, are:

- actions
- attestations (mentioned in secondary sources)
- checks
- contents
- deployments
- discussions
- id-token
- issues
- packages
- pages
- pull-requests
- repository-projects
- security-events
- statuses

Additionally, shorthands like read-all, write-all, and {} (none) are supported. These permissions control access for the GITHUB_TOKEN. The key administration appears in GitHub App permissions or Enterprise contexts but is not available for workflow permissions.

🌐 Web query:

For GitHub REST API PATCH /repos/{owner}/{repo} (updating homepage), what token type and exact repository permission are required? Does GITHUB_TOKEN from Actions support this operation?

💡 Result:

For the GitHub REST API PATCH /repos/{owner}/{repo} endpoint to update the repository homepage, the token must provide admin access to the repository. This corresponds to the 'repo' OAuth scope for classic personal access tokens or fine-grained tokens, or repository 'Administration' write permission. The endpoint example shows updating 'homepage' without explicit permission notes beyond admin for certain fields like security_and_analysis, but deleting the repo explicitly requires admin, and repo updates generally require admin permissions. The GITHUB_TOKEN from GitHub Actions does not support this operation with standard permissions. GITHUB_TOKEN has limited scopes equivalent to specific granular permissions (contents:write, issues:write, etc.), but lacks 'Administration' write permission needed for repository settings updates like homepage. StackOverflow confirms GITHUB_TOKEN cannot perform repository settings changes, requiring a PAT or GitHub App with broader access. Permissions can be set in workflows, but repository administration is not among available GITHUB_TOKEN permissions.

Remove invalid permission scope and use appropriate token for repository admin operation.

Line 13 uses administration: write, which is not a valid GitHub Actions permissions key (only: actions, attestations, checks, contents, deployments, discussions, id-token, issues, packages, pages, pull-requests, repository-projects, security-events, statuses). Additionally, lines 44-46 attempt to use secrets.GITHUB_TOKEN for PATCH /repos/{owner}/{repo}, which requires admin-level repository permission that GITHUB_TOKEN cannot grant. The workflow will fail at validation and/or return 403 at runtime.

Replace administration: write with a valid permission or remove if unneeded, and use a personal access token or GitHub App token with admin repository access for the homepage update operation.

🧰 Tools
🪛 actionlint (1.7.12)

[error] 13-13: unknown permission scope "administration". all available permission scopes are "actions", "artifact-metadata", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses"

(permissions)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docs.yml at line 13, Replace the invalid permissions key
and switch to a proper admin token: remove the line "administration: write" and
instead set only valid permissions (e.g., "contents: write" or "pages: write" as
appropriate) in the permissions block; then stop using secrets.GITHUB_TOKEN for
the PATCH /repos/{owner}/{repo} call and use a stored personal access token or
GitHub App token with repository admin rights (e.g., secrets.ADMIN_TOKEN or
secrets.PAT) for that step so the homepage update succeeds.


concurrency:
group: pages
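
Review bot: The added administration: write line sits in what appears to be the workflow-level permissions block (it is followed by concurrency: and precedes jobs:), so whatever it grants is requested for every job in the workflow rather than only for the one step that needs it. If a repository-settings change is really required, declare that permission in a job-level permissions block on the job that runs the step, and add a comment naming the step that depends on it, since nothing in this hunk explains why a docs workflow asks for an administration scope.
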
Expand Down Expand Up @@ -39,3 +40,7 @@ jobs:
steps:
- id: deployment
uses: actions/deploy-pages@v4
- name: Update repo homepage
run: gh api -X PATCH repos/${{ github.repository }} -f homepage="${{ steps.deployment.outputs.page_url }}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
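
Review bot: In the run: line of the new Update repo homepage step, ${{ github.repository }} and ${{ steps.deployment.outputs.page_url }} are expanded into the script text before the shell starts, so the command that runs depends on values this step does not control. Pass them through env instead, for example REPO: ${{ github.repository }} and PAGE_URL: ${{ steps.deployment.outputs.page_url }}, and call gh api -X PATCH "repos/$REPO" -f homepage="$PAGE_URL". The step also follows actions/deploy-pages@v4 in the same job with no continue-on-error, so a rejected PATCH would mark an otherwise successful deployment as failed; decide whether that is intended.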