diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e1ab57f..c6bf249 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -4,6 +4,10 @@ name: Build Status on: [ pull_request, workflow_dispatch] + +permissions: + contents: read + jobs: publish-image: name: Build Docker Images @@ -23,9 +27,10 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Check Diff for Changes + # TODO replace get-diff-action, as it is no longer maintained since 2023-11-24 uses: technote-space/get-diff-action@v6 with: FILES: | @@ -38,15 +43,15 @@ jobs: if: env.GIT_DIFF - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 if: env.GIT_DIFF - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 if: env.GIT_DIFF - name: Build Docker Images - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: push: false context: . diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml index 0a316fa..a0256f8 100644 --- a/.github/workflows/manual.yml +++ b/.github/workflows/manual.yml @@ -6,6 +6,11 @@ on: description: 'The distro to build and publish' type: string required: true + +permissions: + contents: read + packages: write + jobs: publish-image: name: Manual Publish Docker Images 
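Review bot: In the `Check Diff for Changes` step of main.yml (hunk `@@ -23,9 +27,10 @@`), the new TODO records that `technote-space/get-diff-action` is unmaintained, yet the step still resolves the mutable tag `@v6`. Until the action is replaced, pinning it to the full commit SHA that `v6` currently points to, e.g. `uses: technote-space/get-diff-action@<full-commit-sha>  # v6`, keeps a moved tag from changing what runs. The same step appears in publish.yml (hunk `@@ -25,9 +29,10 @@`), where the job token also carries `packages: write`, so the pin matters more there. The step list continues outside both hunks.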
@@ -14,26 +19,26 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build the Dockerfiles run: make -j $(nproc) - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: USERNAME - password: ${{ secrets.CR_PAT }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Push to GitHub Packages - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: push: true context: . diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2b39ad8..42eb283 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,6 +5,10 @@ name: Publish on: push + +permissions: + contents: read + packages: write jobs: publish-image: name: Publish Docker Images @@ -25,9 +29,10 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Check Diff for Changes + # TODO replace get-diff-action, as it is no longer maintained since 2023-11-24 uses: technote-space/get-diff-action@v6 with: FILES: | @@ -40,15 +45,15 @@ jobs: if: env.GIT_DIFF - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 if: env.GIT_DIFF - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 if: env.GIT_DIFF - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -56,7 +61,7 @@ jobs: if: env.GIT_DIFF - name: Push to GitHub Packages - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: push: true context: .
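Review bot: The `actions/checkout@v4` step in manual.yml (hunk `@@ -14,26 +19,26 @@`) keeps the default of persisting the job token in the checkout's git configuration, and this commit makes that token one with `packages: write`. The following `make -j $(nproc)` step and the image build with `context: .` can both read it; if the build context includes `.git` and a Dockerfile copies it, the token could end up in a pushed image layer (not verifiable from this hunk). Adding `with:` and `persist-credentials: false` under the checkout step avoids that, and the checkouts in main.yml and publish.yml would take the same setting. Separately, `username: USERNAME` remains a literal placeholder next to the new `GITHUB_TOKEN` password, whereas publish.yml uses `${{ github.repository_owner }}`; `username: ${{ github.actor }}` would make the login self-describing.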
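Review bot: `packages: write` is granted in publish.yml (hunk `@@ -5,6 +5,10 @@`), but the `password:` line of the `Login to GitHub Container Registry` step falls between hunks `@@ -40,15 +45,15 @@` and `@@ -56,7 +61,7 @@`, so this commit leaves it unchanged. If it still reads `${{ secrets.CR_PAT }}` as manual.yml did before this change, the workflow keeps depending on a long-lived personal access token and the new permission goes unused; `password: ${{ secrets.GITHUB_TOKEN }}` would match manual.yml. The trigger shown is a bare `on: push`, so the write-capable token is issued for pushes to every branch; a `branches:` filter on the trigger would narrow that.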