Restrict permissions, update actions

    The actions release numbers were taken from the 3.1dev branch.

    Note: there was one strange codespell error in PR #2263.
    Maybe the updated action will avoid this in the future.

Author: drwetter

.github/workflows/codespell.yml

@@ -1,12 +1,15 @@
 ---
 name: Codespell
 on: [push, pull_request]
+permissions:
+  contents: read
+
 jobs:
   codespell:
     name: Check for spelling errors
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: codespell-project/actions-codespell@master
         with:
           skip: ca_hashes.txt,tls_data.txt,*.pem,OPENSSL-LICENSE.txt

.github/workflows/docker-3.0.yml

@@ -2,7 +2,7 @@ name: docker-3.0
 
 on:
   push:
-    branches: 
+    branches:
       - 3.0
   workflow_dispatch:
   schedule:
@@ -19,36 +19,36 @@ jobs:
 
     steps:
       - name: Source checkout
-        uses: actions/checkout@v2.3.4 
- 
+        uses: actions/checkout@v3
+
       - name: Setup QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v1.2.0
-      
+        uses: docker/setup-qemu-action@v2.1.0
+
       - name: Setup Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Set Docker metadata
         id: docker_meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: ${{ github.repository }}
           labels: |
             org.opencontainers.image.version=${{ env.BUILD_VERSION }}
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.title=${{ github.repository }}
-            
+
       - name: GitHub login
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v2.6.1
+        uses: docker/build-push-action@v3.2.0
         with:
           push: ${{ github.event_name != 'pull_request' }}
           context: .
@@ -60,3 +60,4 @@ jobs:
           labels: ${{ steps.docker_meta.outputs.labels }}
           tags: |
             ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }}
+            ghcr.io/${{ github.repository }}:latest

.github/workflows/test.yml

@@ -23,6 +23,9 @@ on:
       - 'LICENSE'
       - 'Dockerfile'
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ${{ matrix.os }}
@@ -32,7 +35,7 @@ jobs:
         perl: ['5.26']
     name: Perl ${{ matrix.perl }} on ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up perl
         uses: shogo82148/actions-setup-perl@v1
         with: