From: William Desportes <redacted>
Date: Thu, 16 May 2024 21:47:42 +0000 (+0200)
Subject: Bump actions and add permissions (#244)
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=1e928c3827ce0fe786a33db5161ae8e1e41f1869;p=roundcube-roundcubemail-docker.git

Bump actions and add permissions (#244)
---

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 519b512..9329f4b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,8 @@
 name: Build & Publish
+
+permissions:
+  contents: read
+
 on:
   push:
     branches:
@@ -31,26 +35,26 @@ jobs:
             test-tag: roundcube/roundcubemail:latest-fpm-alpine
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Get docker hub username
         id: creds
         run: echo '::set-output name=username::${{ secrets.DOCKER_PULL_USERNAME }}'
       - name: Login to Docker Hub
         if: steps.creds.outputs.username != ''
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_PULL_USERNAME }}
           password: ${{ secrets.DOCKER_PUSH_PASSWORD }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           buildkitd-flags: --debug
 
       - name: Build and push image for "${{ matrix.variant }}"
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: ${{ matrix.variant }}
           platforms: "linux/arm64,linux/arm/v6,linux/arm/v7,linux/s390x,linux/ppc64le,linux/386,linux/amd64,"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5fe98cf..a33e0af 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,4 +1,8 @@
 name: Build & Test
+
+permissions:
+  contents: read
+
 on:
   pull_request: {}
   push:
@@ -24,13 +28,13 @@ jobs:
             docker-tag: roundcube/roundcubemail:test-fpm-alpine
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Get docker hub username
         id: creds
         run: echo '::set-output name=username::${{ secrets.DOCKER_PULL_USERNAME }}'
       - name: Login to Docker Hub
         if: steps.creds.outputs.username != ''
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_PULL_USERNAME }}
           password: ${{ secrets.DOCKER_PULL_PASSWORD }}
@@ -47,5 +51,3 @@ jobs:
             docker-compose -f ./tests/docker-compose.test-${testFile}.yml \
             up --exit-code-from=sut --abort-on-container-exit
           done
-          
-
diff --git a/.github/workflows/update-sh.yml b/.github/workflows/update-sh.yml
index dd44683..09e3a89 100644
--- a/.github/workflows/update-sh.yml
+++ b/.github/workflows/update-sh.yml
@@ -1,5 +1,9 @@
 name: update.sh
 
+permissions:
+  # Git push permissions are needed
+  contents: write
+
 on:
   push:
     branches:
@@ -13,7 +17,7 @@ jobs:
     name: Run update.sh script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         token: ${{ secrets.WOKFLOW_TOKEN }}
     - name: Run update.sh script