From 06c40fb3f53ad0fbdd7a81bf9122b599a248c899 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 May 2024 16:30:21 +0000 Subject: [PATCH 1/3] Bump senzing-factory/build-resources from 1 to 2 Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 1 to 2. - [Release notes](https://github.com/senzing-factory/build-resources/releases) - [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md) - [Commits](https://github.com/senzing-factory/build-resources/compare/v1...v2) --- updated-dependencies: - dependency-name: senzing-factory/build-resources dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/add-labels-standardized.yaml | 2 +- .github/workflows/lint-workflows.yaml | 2 +- .github/workflows/move-pr-to-done-dependabot.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index 1360a67..38483d9 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -13,4 +13,4 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2 diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index 1bcd936..c471330 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml @@ -14,4 +14,4 @@ permissions: jobs: lint-workflows: - uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2 
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml index 582a1b0..63c6908 100644 --- a/.github/workflows/move-pr-to-done-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-dependabot.yaml @@ -9,4 +9,4 @@ jobs: move-pr-to-done-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v2 From 1211f1e19b379962f9b886b8fe1679d70515a498 Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Wed, 29 May 2024 18:29:29 -0700 Subject: [PATCH 2/3] add checkov config, healthcheck, and update workflow permissions --- .github/linters/.checkov.yaml | 2 ++ .../workflows/add-labels-standardized.yaml | 5 ++-- .../add-to-project-community-dependabot.yaml | 3 ++ .../workflows/add-to-project-community.yaml | 3 ++ .../workflows/move-pr-to-done-dependabot.yaml | 3 ++ .github/workflows/pylint.yaml | 3 ++ Dockerfile | 28 ++++++++++--------- 7 files changed, 32 insertions(+), 15 deletions(-) create mode 100644 .github/linters/.checkov.yaml diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..e2d7c03 --- /dev/null +++ b/.github/linters/.checkov.yaml @@ -0,0 +1,2 @@ +quiet: true +skip-check: CKV_DOCKER_7 diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index 38483d9..01aa8a1 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -6,10 +6,11 @@ on: - opened - reopened +permissions: + issues: write + jobs: add-issue-labels: - permissions: - issues: write secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} 
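Review bot: `skip-check: CKV_DOCKER_7` in the new .github/linters/.checkov.yaml disables the base-image tag check for every Dockerfile the linter scans and records no reason for doing so. The Dockerfile in this series builds `FROM ${BASE_IMAGE}`, so the tag comes from a build argument whose default is not visible here; if that is the reason, state it in the file, for example `# CKV_DOCKER_7 skipped: base image tag is set through the BASE_IMAGE build arg (<where it is pinned>)`. An inline `#checkov:skip=CKV_DOCKER_7:<reason>` comment in the Dockerfile would be narrower still, because the check would stay active for any Dockerfile added later.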
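Review bot: Moving `permissions: issues: write` from the `add-issue-labels` job to the top of add-labels-standardized.yaml makes the write grant the default for every job in the workflow, including any job added later. Only one job is visible in this hunk, so the effect today is unchanged, but the job-level grant was the narrower form. A top-level `permissions: {}` with `permissions: issues: write` kept on the job would satisfy a workflow-level permissions check and still keep least privilege. The job body continues past the end of the hunk.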
diff --git a/.github/workflows/add-to-project-community-dependabot.yaml b/.github/workflows/add-to-project-community-dependabot.yaml index ca381ee..ca13aa9 100644 --- a/.github/workflows/add-to-project-community-dependabot.yaml +++ b/.github/workflows/add-to-project-community-dependabot.yaml @@ -8,6 +8,9 @@ env: CREATOR: ${{ github.event.pull_request.user.login }} GITHUB_TOKEN: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }} +permissions: + repository-projects: write + jobs: add-to-project-dependabot: name: add issue to Senzing Community project diff --git a/.github/workflows/add-to-project-community.yaml b/.github/workflows/add-to-project-community.yaml index 2c76520..25cddf3 100644 --- a/.github/workflows/add-to-project-community.yaml +++ b/.github/workflows/add-to-project-community.yaml @@ -6,6 +6,9 @@ on: - opened - reopened +permissions: + repository-projects: write + jobs: add-to-project: name: add issue to project diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml index 63c6908..68bcb82 100644 --- a/.github/workflows/move-pr-to-done-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-dependabot.yaml @@ -5,6 +5,9 @@ on: branches: [main] types: [closed] +permissions: + repository-projects: write + jobs: move-pr-to-done-dependabot: secrets: diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml index 1c8a249..45fd6d2 100644 --- a/.github/workflows/pylint.yaml +++ b/.github/workflows/pylint.yaml @@ -2,6 +2,9 @@ name: pylint on: [push] +permissions: + contents: read + jobs: pylint: runs-on: ubuntu-latest diff --git a/Dockerfile b/Dockerfile index 99a360a..d64a8ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,8 @@ FROM ${BASE_IMAGE} ENV REFRESHED_AT=2022-12-21 LABEL Name="senzing/code-snippets" \ - Maintainer="support@senzing.com" \ - Version="0.0.1" + Maintainer="support@senzing.com" \ + Version="0.0.1" # Run as "root" for system installation. 
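Review bot: The `permissions: repository-projects: write` block added to add-to-project-community-dependabot.yaml limits only the automatic workflow token, while the `env:` context just above it sets `GITHUB_TOKEN` from `secrets.SENZING_GITHUB_ACCESS_TOKEN`, so the steps appear to authenticate with a stored token that this block does not constrain. If no step uses the automatic token, `permissions: {}` would be the tighter setting. The same question applies to move-pr-to-done-dependabot.yaml, which hands `SENZING_GITHUB_PROJECT_RW_TOKEN` to the called workflow, and probably to add-to-project-community.yaml. The triggers and job steps are outside these hunks, so confirm which token each job uses before narrowing. A comment above the block such as `# automatic token only; project writes use the SENZING_GITHUB_ACCESS_TOKEN secret` would record the intent.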
@@ -14,17 +14,17 @@ USER root # Install packages via apt. RUN apt-get update \ - && apt-get -y install \ - vim \ - nano \ - curl \ - less \ - python3 \ - ipython3 \ - python3-pip \ - python3-virtualenv \ - python3-venv \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install \ + vim \ + nano \ + curl \ + less \ + python3 \ + ipython3 \ + python3-pip \ + python3-virtualenv \ + python3-venv \ + && rm -rf /var/lib/apt/lists/* ## Copy files from repository. @@ -32,6 +32,8 @@ COPY ./Python/ /code-snippets/Python COPY ./Resources/ /code-snippets/Resources COPY ./rootfs / +HEALTHCHECK CMD ["/app/healthcheck.sh"] + # Make non-root container. USER 1001 From d58c91cc65dfd9004755b1af06810222cc8f7068 Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Wed, 29 May 2024 18:37:57 -0700 Subject: [PATCH 3/3] add jscpd config --- .github/linters/.jscpd.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/linters/.jscpd.json diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 0000000..8665357 --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,3 @@ +{ + "threshold": 32 +} \ No newline at end of file
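Review bot: `HEALTHCHECK CMD ["/app/healthcheck.sh"]` in the last Dockerfile hunk points at a script that this commit does not add, since the diffstat lists no file under rootfs. The script therefore has to exist already in `./rootfs/app/` and be executable by `USER 1001`, otherwise every probe fails and the container is reported unhealthy. The instruction also relies on the default interval, timeout and retry count; writing them out, for example `HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD ["/app/healthcheck.sh"]` (values constructed for illustration), makes the behaviour explicit. A one-line comment above it saying what the script verifies would help, because the packages installed in the earlier hunk are interactive tools and no long-running service is visible.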