ci: add GitHub action token permissions #94

	name: "Run `nox` sessions"

	on: [pull_request]

	jobs:
	nox:
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]
	python: ["3.10", "3.11"]
	nox_session: ["docs", "example", "pre-commit", "testing"]
	exclude:
	- os: macos-latest
	nox_session: "docs"
	- os: macos-latest
	nox_session: "pre-commit"
	- python: "3.10"
	nox_session: "docs"
	- python: "3.10"
	nox_session: "pre-commit"
	fail-fast: true
	name: ${{ matrix.os }} / ${{ matrix.python }} / ${{ matrix.nox_session }}
	runs-on: ${{ matrix.os }}
	defaults:
	run:
	shell: bash

	steps:
	- name: Checkout the revision
	uses: actions/checkout@v4

	- name: Install Poetry
	id: install-poetry
	uses: ./{{ cookiecutter.repository_name }}/.github/actions/install-poetry
	with:
	python-version: ${{ matrix.python }}

	- name: Cache Poetry virtual environment
	id: cache-poetry-venv
	uses: actions/cache@v4
	with:
	path: .venv
	key: cache-${{ github.repository }}-main-${{ github.job }}-${{ matrix.nox_session }}-poetry-venv-${{ runner.os }}-${{ steps.install-poetry.outputs.full-python-version }}-${{ hashFiles('poetry.lock') }}
	restore-keys: cache-${{ github.repository }}-main-${{ github.job }}-${{ matrix.nox_session }}-poetry-venv-${{ runner.os }}-${{ steps.install-poetry.outputs.full-python-version }}-

	- name: Install dependencies
	if: ${{ steps.cache-poetry-venv.outputs.cache-hit != 'true' }}
	run: poetry install --only=main,ci-cd --sync --no-ansi --no-root

	- name: Run `nox` session `${{ matrix.nox_session }}`
	run: poetry run nox --force-python python --session ${{ matrix.nox_session }}

Provide feedback