Add GHCR perms to CI and pin Action versions

2023-04-18 22:36:38 +10:00 · 2023-04-18 22:36:38 +10:00 · e4d7b53112
commit e4d7b53112
parent f9ff57a26e
1 changed files with 9 additions and 8 deletions
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -5,12 +5,14 @@ on:
    branches: 
      - master
      - main
 jobs:
  push:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
@ -19,7 +21,6 @@ jobs:
        java-version: '17'
        distribution: 'temurin'
    - uses: gradle/gradle-build-action@v2.3.3
      with:
        gradle-version: 7.6
@ -39,7 +40,7 @@ jobs:
        password: ${{ secrets.DOCKER_HUB_API }}
    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v2.1.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
@ -47,7 +48,7 @@ jobs:
    - name: Generate tags
      id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v4.4.0
      with:
        images: |
          frooodle/s-pdf
@ -56,13 +57,13 @@ jobs:
          ${{ steps.versionNumber.outputs.versionNumber }}${{ github.ref == 'refs/heads/main' && '-alpha' || '' }}
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v2.1.0
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v2.5.0
    - name: Build and push
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@v4.0.0
      with:
        push: true
        tags: ${{ steps.meta.outputs.tags }}