Restrict permissions, update actions

The actions release numbers were taken from the 3.1dev branch. Note: there was one strange codespell error in PR #2263. Maybe the updated action will avoid this in the future.
2025-01-03 23:39:45 +01:00 · 2022-11-10 10:35:43 +01:00 · 2022-11-10 10:35:43 +01:00 · b8afca6be1
commit b8afca6be1
parent abdd51d815
3 changed files with 19 additions and 12 deletions
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@ -1,12 +1,15 @@
 ---
 name: Codespell
 on: [push, pull_request]
+permissions:
+  contents: read
+
 jobs:
  codespell:
    name: Check for spelling errors
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - uses: codespell-project/actions-codespell@master
        with:
          skip: ca_hashes.txt,tls_data.txt,*.pem,OPENSSL-LICENSE.txt
--- a/.github/workflows/docker-3.0.yml
+++ b/.github/workflows/docker-3.0.yml
@ -2,7 +2,7 @@ name: docker-3.0

 on:
  push:
-    branches: 
+    branches:
      - 3.0
  workflow_dispatch:
  schedule:
@ -19,36 +19,36 @@ jobs:

    steps:
      - name: Source checkout
-        uses: actions/checkout@v2.3.4 
- 
+        uses: actions/checkout@v3
+
      - name: Setup QEMU
        id: qemu
-        uses: docker/setup-qemu-action@v1.2.0
-      
+        uses: docker/setup-qemu-action@v2.1.0
+
      - name: Setup Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2

      - name: Set Docker metadata
        id: docker_meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          images: ${{ github.repository }}
          labels: |
            org.opencontainers.image.version=${{ env.BUILD_VERSION }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.title=${{ github.repository }}
-            
+
      - name: GitHub login
        if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v2.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
-        uses: docker/build-push-action@v2.6.1
+        uses: docker/build-push-action@v3.2.0
        with:
          push: ${{ github.event_name != 'pull_request' }}
          context: .
@ -60,3 +60,4 @@ jobs:
          labels: ${{ steps.docker_meta.outputs.labels }}
          tags: |
            ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }}
+            ghcr.io/${{ github.repository }}:latest
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -23,6 +23,9 @@ on:
      - 'LICENSE'
      - 'Dockerfile'

+permissions:
+  contents: read
+
 jobs:
  build:
    runs-on: ${{ matrix.os }}
@ -32,7 +35,7 @@ jobs:
        perl: ['5.26']
    name: Perl ${{ matrix.perl }} on ${{ matrix.os }}
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Set up perl
        uses: shogo82148/actions-setup-perl@v1
        with: