add checkov config, healthcheck, and update workflow permissions

kernelsam · kernelsam · commit 1211f1e19b37 · 2024-05-29T18:29:29.000-07:00
diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
@@ -0,0 +1,2 @@
+quiet: true
+skip-check: CKV_DOCKER_7
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
@@ -6,10 +6,11 @@ on:
       - opened
       - reopened
 
+permissions:
+  issues: write
+
 jobs:
   add-issue-labels:
-    permissions:
-      issues: write
     secrets:
       ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
       SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
diff --git a/.github/workflows/add-to-project-community-dependabot.yaml b/.github/workflows/add-to-project-community-dependabot.yaml
@@ -8,6 +8,9 @@ env:
   CREATOR: ${{ github.event.pull_request.user.login }}
   GITHUB_TOKEN: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }}
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project-dependabot:
     name: add issue to Senzing Community project
diff --git a/.github/workflows/add-to-project-community.yaml b/.github/workflows/add-to-project-community.yaml
@@ -6,6 +6,9 @@ on:
       - opened
       - reopened
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project:
     name: add issue to project
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
@@ -5,6 +5,9 @@ on:
     branches: [main]
     types: [closed]
 
+permissions:
+  repository-projects: write
+
 jobs:
   move-pr-to-done-dependabot:
     secrets:
diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml
@@ -2,6 +2,9 @@ name: pylint
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   pylint:
     runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
@@ -4,8 +4,8 @@ FROM ${BASE_IMAGE}
 ENV REFRESHED_AT=2022-12-21
 
 LABEL Name="senzing/code-snippets" \
-      Maintainer="support@senzing.com" \
-      Version="0.0.1"
+  Maintainer="support@senzing.com" \
+  Version="0.0.1"
 
 # Run as "root" for system installation.
 
@@ -14,24 +14,26 @@ USER root
 # Install packages via apt.
 
 RUN apt-get update \
- && apt-get -y install \
-      vim \
-      nano \
-      curl \
-      less \
-      python3 \
-      ipython3 \
-      python3-pip \
-      python3-virtualenv \
-      python3-venv \
- && rm -rf /var/lib/apt/lists/*
+  && apt-get -y install \
+  vim \
+  nano \
+  curl \
+  less \
+  python3 \
+  ipython3 \
+  python3-pip \
+  python3-virtualenv \
+  python3-venv \
+  && rm -rf /var/lib/apt/lists/*
 
 ## Copy files from repository.
 
 COPY ./Python/ /code-snippets/Python
 COPY ./Resources/ /code-snippets/Resources
 COPY ./rootfs /
 
+HEALTHCHECK CMD ["/app/healthcheck.sh"]
+
 # Make non-root container.
 
 USER 1001

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+quiet: true`
	`2`	`+skip-check: CKV_DOCKER_7`