#1 Initial content

.dockerignore

@@ -0,0 +1,14 @@
+.github/
+docs/
+.DS_Store
+.gitignore
+.project
+.pydevproject
+CHANGELOG.md
+CODE_OF_CONDUCT.md
+CONTRIBUTING.md
+docker-compose.test.yml
+LICENSE
+Makefile
+PULL_REQUEST_TEMPLATE.md
+README.md

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# Default code owner
+
+* @Senzing/senzing-community
+
+/.github/ @Senzing/senzing-devsecops

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/linters/.checkov.yaml

@@ -0,0 +1,4 @@
+quiet: true
+skip-check:
+  - CKV_DOCKER_7
+  - CKV_DOCKER_8

.github/linters/.jscpd.json

@@ -0,0 +1,3 @@
+{
+  "threshold": 2
+}

.github/scripts/docker_test_script.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Check ENV for LD_LIBRARY_PATH
+if [[ -z "${LD_LIBRARY_PATH}" ]]; then
+  echo "[ERROR] Environment variable LD_LIBRARY_PATH is not set"
+  exit 1
+fi
+
+# Verify that some Senzing files have been installed
+# /opt/senzing/er/g2BuildVersion.json  (log contents)
+FILE=/opt/senzing/er/g2BuildVersion.json
+if test -f "$FILE"; then
+    echo "$FILE exists."
+else
+    echo "$FILE does not exist."
+    exit 1
+fi
+
+# /opt/senzing/data/libpostal/data_version
+FILE=/opt/senzing/data/libpostal/data_version
+if test -f "$FILE"; then
+    echo "[INFO] $FILE exists."
+else
+    echo "[ERROR] $FILE does not exist."
+    exit 1
+fi
+
+# parse /opt/senzing/er/g2BuildVersion.json, get BUILD_VERSION and compare it with SENZING_APT_INSTALL_PACKAGE="senzingsdk-runtime=3.3.1-22283" 
+# {
+#     "PLATFORM": "Linux",
+#     "VERSION": "4.0.0",
+#     "BUILD_VERSION": "4.0.0.24318",
+#     "BUILD_NUMBER": "2024_11_13__14_22",
+#     "DATA_VERSION": "6.0.0"
+# }
+
+# check that g2build version is the same as the senzing apt installed 
+FILE=/opt/senzing/er/g2BuildVersion.json
+if test -f "$FILE"; then
+    echo "[INFO] $FILE exists."
+
+    # extract build_version from the json 
+    BUILD_VERSION=$(cat $FILE | jq ".BUILD_VERSION" | cut -d '"' -f 2)
+
+    # replace build_version - with .
+    SZ_APT_PKG_VERSION=$(echo "$SENZING_APT_INSTALL_PACKAGE" | sed 's/\(.*\)-/\1./' | cut -d "=" -f 2)
+
+    # compare with SENZING_APT_INSTALL_PACKAGE
+    if [ "$BUILD_VERSION" = "$SZ_APT_PKG_VERSION" ]; then
+        echo "[INFO] Build version is the same as SENZING_APT_INSTALL_PACKAGE env."
+    else
+        echo "[ERROR] Build version is not the same as SENZING_APT_INSTALL_PACKAGE env."
+        exit 1
+    fi
+else
+    echo "[ERROR] $FILE does not exist."
+    exit 1
+fi

.github/workflows/add-labels-standardized.yaml

@@ -0,0 +1,17 @@
+name: add labels standardized
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+permissions:
+  issues: write
+
+jobs:
+  add-issue-labels:
+    secrets:
+      ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
+      SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
+    uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2

.github/workflows/add-to-project-senzing-dependabot.yaml

@@ -0,0 +1,16 @@
+name: add to project senzing github organization dependabot
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  repository-projects: write
+
+jobs:
+  add-to-project-dependabot:
+    secrets:
+      SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2
+    with:
+      project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}

.github/workflows/add-to-project-senzing.yaml

@@ -0,0 +1,20 @@
+name: add to project senzing github organization
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+permissions:
+  repository-projects: write
+
+jobs:
+  add-to-project:
+    secrets:
+      SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2
+    with:
+      classic: false
+      project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
+      org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}

.github/workflows/dependabot-approve-and-merge.yaml

@@ -0,0 +1,15 @@
+name: dependabot approve and merge
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot-approve-and-merge:
+    secrets:
+      SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2

.github/workflows/docker-build-container.yaml

@@ -0,0 +1,25 @@
+name: docker build container
+
+on: [push]
+
+permissions:
+  contents: read
+
+jobs:
+  docker-build-container:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: get repo name
+        id: repo-basename
+        run: |
+          echo "repo=$(basename ${{ github.repository }})" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      - name: build docker image
+        uses: senzing-factory/github-action-docker-buildx-build@v1
+        with:
+          image-repository: senzing/${{ steps.repo-basename.outputs.repo }}
+          image-tag: ${{ github.ref_name }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}

.github/workflows/docker-push-containers-to-dockerhub-beta.yaml

@@ -0,0 +1,27 @@
+name: docker push containers to dockerhub - beta
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  docker-push-containers-to-dockerhub-beta:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Get repo name
+        id: repo-basename
+        run: |
+          echo "repo=$(basename ${{ github.repository }})" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      - name: Build docker image and push to DockerHub
+        uses: senzing-factory/github-action-docker-buildx-build@v1
+        with:
+          build-options: "-q --push --build-arg SENZING_APT_INSTALL_PACKAGE=senzingsdk-runtime --build-arg SENZING_APT_REPOSITORY_NAME=${{ secrets.SENZING_APT_BETA_REPOSITORY_PACKAGE }}  --build-arg SENZING_APT_REPOSITORY_URL=${{ secrets.SENZING_APT_BETA_REPOSITORY_URL }}"
+          image-repository: senzing/${{ steps.repo-basename.outputs.repo }}-beta
+          image-tag: latest
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}

.github/workflows/docker-push-containers-to-dockerhub.yaml

@@ -0,0 +1,30 @@
+name: docker push containers to dockerhub
+
+on:
+  push:
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: read
+
+jobs:
+  docker-push-containers-to-dockerhub:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: get repo name
+        id: repo-basename
+        run: |
+          echo "repo=$(basename ${{ github.repository }})" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      - name: build docker image and push to DockerHub
+        uses: senzing-factory/github-action-docker-buildx-build@v1
+        with:
+          build-options: "--push"
+          image-repository: senzing/${{ steps.repo-basename.outputs.repo }}
+          image-tag: ${{ github.ref_name }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+          platforms: "linux/amd64,linux/arm64"
+          username: ${{ secrets.DOCKERHUB_USERNAME }}

.github/workflows/lint-workflows.yaml

@@ -0,0 +1,17 @@
+name: lint workflows
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  packages: read
+  pull-requests: read
+  statuses: write
+
+jobs:
+  lint-workflows:
+    uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2

.github/workflows/move-pr-to-done-dependabot.yaml

@@ -0,0 +1,17 @@
+name: move pr to done dependabot
+
+on:
+  pull_request:
+    branches: [main]
+    types: [closed]
+
+permissions:
+  repository-projects: write
+
+jobs:
+  move-pr-to-done-dependabot:
+    secrets:
+      SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2
+    with:
+      project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}