From 3eb3a70aab8515a4e3f62daff0cfdc2ace24e61e Mon Sep 17 00:00:00 2001 From: Chris Mayo Date: Mon, 6 Dec 2021 19:27:49 +0000 Subject: [PATCH 1/2] Limit token permissions and pin 3rd-party action in publish-pages --- .github/workflows/publish-pages.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-pages.yml b/.github/workflows/publish-pages.yml index 7d18fc0c..7b9aee70 100644 --- a/.github/workflows/publish-pages.yml +++ b/.github/workflows/publish-pages.yml @@ -8,6 +8,8 @@ jobs: run: runs-on: ubuntu-latest + permissions: + contents: write steps: - uses: actions/checkout@v2 @@ -31,7 +33,7 @@ jobs: make -C doc html - name: Publish - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./doc/html From 7f78acf856a24f8720dcb3ad7d2870c16f651a64 Mon Sep 17 00:00:00 2001 From: Chris Mayo Date: Mon, 6 Dec 2021 19:27:49 +0000 Subject: [PATCH 2/2] Fetch tag history in publish-pages --- .github/workflows/publish-pages.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/publish-pages.yml b/.github/workflows/publish-pages.yml index 7b9aee70..bb48001b 100644 --- a/.github/workflows/publish-pages.yml +++ b/.github/workflows/publish-pages.yml @@ -13,6 +13,10 @@ jobs: steps: - uses: actions/checkout@v2 + # Needed for setuptools_scm to extract LinkChecker version from tag + # https://github.com/actions/checkout/issues/249 + with: + fetch-depth: 0 - name: Install Ubuntu packages run: sudo apt install graphviz
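Review bot: In PATCH 1/2, first hunk (`@@ -8,6 +8,8 @@`), the new job-level `permissions:` block has no comment saying which step needs write access, so a later reader cannot tell whether `contents: write` can be narrowed. Because the block sits on the job, the write-scoped token is in scope for every step of `run`, including the package-install and `make -C doc html` steps visible in the other hunks, not only Publish. I would add a comment above it such as `# contents: write is needed only by the Publish step, which pushes the built docs`. If the build steps grow, moving Publish into its own job that carries this block, and leaving the build job read-only, would keep the write token away from build-time code.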
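Review bot: In PATCH 1/2, second hunk (`@@ -31,7 +33,7 @@`), the pinned `uses:` line gives a bare 40-character SHA with no record of which release it corresponds to, so a reviewer of a future bump cannot tell what version is running or whether the new SHA is a tagged release. A trailing comment would fix that: `uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305  # vX.Y.Z (placeholder: the release tag this commit belongs to)`. The pin also stops automatic pickup of upstream fixes, so an update mechanism for workflow actions (for example a Dependabot `github-actions` entry) is worth pairing with it. `actions/checkout@v2` in the same job stays on a mutable tag, which looks intentional given the commit title but is worth stating in the description.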
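Review bot: In PATCH 2/2 (`@@ -13,6 +13,10 @@`), the `with:` block added to the checkout step should also set `persist-credentials: false`. By default actions/checkout leaves the job token in the workspace's git configuration, and after PATCH 1/2 that token carries `contents: write`, so the later install and doc-build steps can read it from disk. The Publish step receives the token explicitly through `github_token`, so it should not depend on the persisted credential, though that is inferred from the visible lines and worth confirming with one run. The two comment lines sit between `uses:` and `with:`; placing them directly above `fetch-depth: 0` would keep them attached to the option they explain.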