From a4cb897ab208b3f30154e845b0881b0c24e15946 Mon Sep 17 00:00:00 2001
From: Clint Plummer <clint@yuhonas.com>
Date: Wed, 9 Aug 2023 12:59:42 -0400
Subject: [PATCH] move github permissions declaration to the job where it's
 needed for clarity

---
 .github/workflows/ci.yaml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 21d6f807..e655f7d4 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,12 +13,6 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 # Allow one concurrent deployment
 concurrency:
   group: 'pages'
@@ -56,6 +50,11 @@ jobs:
 
   deploy:
     if: github.event.pull_request.merged == true
+    # Sets the GITHUB_TOKEN permissions to allow deployment to GitHub Pages
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}