From cb418b7b3d088134af34e3d6667e84e8df72bcde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 May 2024 04:22:36 +0000 Subject: [PATCH 1/2] Bump senzing-factory/build-resources from 1 to 2 Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 1 to 2. - [Release notes](https://github.com/senzing-factory/build-resources/releases) - [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md) - [Commits](https://github.com/senzing-factory/build-resources/compare/v1...v2) --- updated-dependencies: - dependency-name: senzing-factory/build-resources dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/add-labels-standardized.yaml | 2 +- .github/workflows/add-to-project-garage-dependabot.yaml | 2 +- .github/workflows/add-to-project-garage.yaml | 2 +- .github/workflows/dependabot-approve-and-merge.yaml | 2 +- .github/workflows/lint-workflows.yaml | 2 +- .github/workflows/move-pr-to-done-dependabot.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index 50687a5..01aa8a1 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -14,4 +14,4 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2 diff --git a/.github/workflows/add-to-project-garage-dependabot.yaml b/.github/workflows/add-to-project-garage-dependabot.yaml index 99b12a0..19cc672 100644 --- a/.github/workflows/add-to-project-garage-dependabot.yaml 
+++ b/.github/workflows/add-to-project-garage-dependabot.yaml @@ -11,6 +11,6 @@ jobs: add-to-project-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2 with: project: ${{ vars.SENZING_PROJECT_GARAGE }} diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml index 1abad01..53c0744 100644 --- a/.github/workflows/add-to-project-garage.yaml +++ b/.github/workflows/add-to-project-garage.yaml @@ -13,7 +13,7 @@ jobs: add-to-project: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2 with: classic: false project-number: ${{ vars.SENZING_PROJECT_GARAGE }} diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index 15a5bf9..cacaa2d 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml @@ -11,4 +11,4 @@ jobs: pull-requests: write secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2 diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index 1bcd936..c471330 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml 
@@ -14,4 +14,4 @@ permissions: jobs: lint-workflows: - uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2 diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml index 4a5db44..b59571b 100644 --- a/.github/workflows/move-pr-to-done-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-dependabot.yaml @@ -12,6 +12,6 @@ jobs: move-pr-to-done-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2 with: project: ${{ vars.SENZING_PROJECT_GARAGE }} From bebeaeb5d30d204db941171fad4a8be620745099 Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Fri, 31 May 2024 19:18:39 -0700 Subject: [PATCH 2/2] fix linting --- .github/linters/.checkov.yaml | 2 ++ .github/workflows/dependabot-approve-and-merge.yaml | 7 ++++--- .github/workflows/docker-build-container.yaml | 3 +++ .github/workflows/docker-push-containers-to-dockerhub.yaml | 3 +++ .github/workflows/pylint.yaml | 3 +++ Dockerfile | 6 +++--- 6 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 .github/linters/.checkov.yaml diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..e2d7c03 --- /dev/null +++ b/.github/linters/.checkov.yaml @@ -0,0 +1,2 @@ +quiet: true +skip-check: CKV_DOCKER_7 diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index cacaa2d..0aad27e 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml 
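Review bot: `skip-check: CKV_DOCKER_7` in the new `.github/linters/.checkov.yaml` disables that check for every Dockerfile the linter scans, and the file records no reason for it. CKV_DOCKER_7 is the check that a base image does not use the `latest` tag, so a global skip would hide an unpinned `FROM`; the Dockerfile's `FROM` line is not visible in this patch, so that is presumably the finding being silenced. Prefer pinning the base image to a version tag or digest and dropping the skip, or scope the suppression to the one file with an inline `# checkov:skip=CKV_DOCKER_7: <reason>` comment at the `FROM` line. At minimum, add a comment above the key such as `# CKV_DOCKER_7 skipped: <reason>, see <issue placeholder>`.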
@@ -4,11 +4,12 @@ on: pull_request: branches: [main] +permissions: + contents: write + pull-requests: write + jobs: dependabot-approve-and-merge: - permissions: - contents: write - pull-requests: write secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2 diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml index 751e6ec..adea87e 100644 --- a/.github/workflows/docker-build-container.yaml +++ b/.github/workflows/docker-build-container.yaml @@ -6,6 +6,9 @@ on: - main workflow_dispatch: +permissions: + contents: read + jobs: docker-build-container: runs-on: ubuntu-latest diff --git a/.github/workflows/docker-push-containers-to-dockerhub.yaml b/.github/workflows/docker-push-containers-to-dockerhub.yaml index e4819da..3ff71c0 100644 --- a/.github/workflows/docker-push-containers-to-dockerhub.yaml +++ b/.github/workflows/docker-push-containers-to-dockerhub.yaml @@ -5,6 +5,9 @@ on: tags: - "[0-9]+.[0-9]+.[0-9]+" +permissions: + contents: read + jobs: docker-push-containers-to-dockerhub: runs-on: ubuntu-latest diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml index eee9d29..22bb778 100644 --- a/.github/workflows/pylint.yaml +++ b/.github/workflows/pylint.yaml @@ -2,6 +2,9 @@ name: pylint on: [push] +permissions: + contents: read + jobs: pylint: runs-on: ubuntu-latest diff --git a/Dockerfile b/Dockerfile index 49ed3c7..5d1ce28 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,10 +13,10 @@ HEALTHCHECK CMD ["/app/healthcheck.sh"] USER root -# Install packages via apt. +# Install packages via apt-get. -RUN apt update \ - && apt -y install \ +RUN apt-get update \ + && apt-get -y install \ python3-dev \ python3-pip \ librdkafka-dev \
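Review bot: The `contents: write` / `pull-requests: write` block now sits at workflow level in `dependabot-approve-and-merge.yaml`, so any job later added to this `pull_request`-triggered file inherits write scope by default. Least privilege would set the top level to `permissions: {}` (or `contents: read`) and keep the two write grants on the `dependabot-approve-and-merge` job, which would presumably still satisfy the linter that prompted the move. Separately, the job hands `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN` to a reusable workflow referenced by the mutable tag `@v2`. Pinning that `uses:` to a full commit SHA would keep a moved tag from changing what code receives the token.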
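Review bot: In the `Dockerfile` hunk, the rewritten `apt-get -y install` line still pulls in recommended packages, which enlarges the image and its patch surface. I would write it as `&& apt-get -y install --no-install-recommends \` after confirming that nothing at runtime relies on a recommended package. The `RUN` instruction continues past the end of the hunk, so it is not visible whether the chain ends with `&& rm -rf /var/lib/apt/lists/*` or whether a non-root `USER` is restored after `USER root`; both are worth checking while this block is being touched.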