diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..e2d7c03 --- /dev/null +++ b/.github/linters/.checkov.yaml @@ -0,0 +1,2 @@ +quiet: true +skip-check: CKV_DOCKER_7 diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 0000000..d6a0a48 --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,3 @@ +{ + "threshold": 1 +} \ No newline at end of file diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index cacaa2d..0aad27e 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml @@ -4,11 +4,12 @@ on: pull_request: branches: [main] +permissions: + contents: write + pull-requests: write + jobs: dependabot-approve-and-merge: - permissions: - contents: write - pull-requests: write secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2 diff --git a/package.Dockerfile b/package.Dockerfile index 4e85bb7..23118f2 100755 --- a/package.Dockerfile +++ b/package.Dockerfile @@ -13,8 +13,8 @@ ARG IMAGE_FINAL=alpine FROM ${IMAGE_GO_BUILDER} as go_builder ENV REFRESHED_AT=2023-08-01 LABEL Name="senzing/explain-builder" \ - Maintainer="support@senzing.com" \ - Version="0.2.0" + Maintainer="support@senzing.com" \ + Version="0.2.0" # Build arguments. @@ -28,6 +28,8 @@ ARG GO_PACKAGE_NAME="unknown" COPY ./rootfs / COPY . ${GOPATH}/src/${GO_PACKAGE_NAME} +HEALTHCHECK CMD ["/healthcheck.sh"] + # Build go program. WORKDIR ${GOPATH}/src/${GO_PACKAGE_NAME} 
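Review bot: `skip-check: CKV_DOCKER_7` disables the check for every Dockerfile the linter scans and records no reason. Assuming this is Checkov's rule that base images must not use the latest tag, the suppression hides the unpinned `IMAGE_FINAL=alpine` default visible in package.Dockerfile. Prefer pinning that default to a specific tag or digest. Otherwise scope the exception to the one file with an inline `#checkov:skip=CKV_DOCKER_7: <reason>` comment, so the waiver and its justification sit next to the line they cover.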
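Review bot: Declaring `contents: write` and `pull-requests: write` at workflow level makes them the default for every job in this file, including any added later. The removed job-level block granted them only to `dependabot-approve-and-merge`. If the move is meant to satisfy a linter that wants a top-level key, `permissions: {}` at the top plus the original job-level grant keeps least privilege. The called workflow is referenced by the mutable tag `@v2` and receives both the write-scoped token and `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN`. Pinning it to a full commit SHA would fix what runs with those credentials.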
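Review bot: `HEALTHCHECK CMD ["/healthcheck.sh"]` is added in the `go_builder` stage, but a health check only takes effect in the image built from the last stage. `final` starts from `${IMAGE_FINAL}` and, in the lines visible here, copies only `/output` from `fpm_builder`, so the shipped image appears to get neither the instruction nor the script. If the check is meant for the shipped image, move it to the final stage together with `COPY --from=go_builder /healthcheck.sh /healthcheck.sh`. The script's shebang is `#!/usr/bin/env bash` and the default `IMAGE_FINAL=alpine` may not provide bash, so confirm the interpreter exists there. The stage continues outside the hunk.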
@@ -36,7 +38,7 @@ RUN make linux/amd64 # Copy binaries to /output. RUN mkdir -p /output \ - && cp -R ${GOPATH}/src/${GO_PACKAGE_NAME}/target/* /output/ + && cp -R ${GOPATH}/src/${GO_PACKAGE_NAME}/target/* /output/ # ----------------------------------------------------------------------------- # Stage: fpm_builder @@ -47,8 +49,8 @@ RUN mkdir -p /output \ FROM ${IMAGE_FPM_BUILDER} as fpm_builder ENV REFRESHED_AT=2023-08-01 LABEL Name="senzing/explain-fpm-builder" \ - Maintainer="support@senzing.com" \ - Version="0.2.0" + Maintainer="support@senzing.com" \ + Version="0.2.0" # Use arguments from prior stage. @@ -64,25 +66,25 @@ COPY --from=go_builder "/output/linux-amd64/*" "/output/linux-amd64/" # Create Linux RPM package. RUN fpm \ - --input-type dir \ - --output-type rpm \ - --name ${PROGRAM_NAME} \ - --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.rpm \ - --version ${BUILD_VERSION} \ - --iteration ${BUILD_ITERATION} \ - /output/linux-amd64/=/usr/bin + --input-type dir \ + --output-type rpm \ + --name ${PROGRAM_NAME} \ + --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.rpm \ + --version ${BUILD_VERSION} \ + --iteration ${BUILD_ITERATION} \ + /output/linux-amd64/=/usr/bin # Create Linux DEB package. RUN fpm \ - --deb-no-default-config-files \ - --input-type dir \ - --iteration ${BUILD_ITERATION} \ - --name ${PROGRAM_NAME} \ - --output-type deb \ - --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.deb \ - --version ${BUILD_VERSION} \ - /output/linux-amd64/=/usr/bin + --deb-no-default-config-files \ + --input-type dir \ + --iteration ${BUILD_ITERATION} \ + --name ${PROGRAM_NAME} \ + --output-type deb \ + --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.deb \ + --version ${BUILD_VERSION} \ + /output/linux-amd64/=/usr/bin # ----------------------------------------------------------------------------- # Stage: final 
@@ -91,8 +93,8 @@ RUN fpm \ FROM ${IMAGE_FINAL} as final ENV REFRESHED_AT=2023-08-01 LABEL Name="senzing/explain" \ - Maintainer="support@senzing.com" \ - Version="0.2.0" + Maintainer="support@senzing.com" \ + Version="0.2.0" # Use arguments from prior stage. @@ -103,4 +105,6 @@ ARG PROGRAM_NAME COPY --from=fpm_builder "/output/*" "/output/" COPY --from=fpm_builder "/output/linux-amd64/${PROGRAM_NAME}" "/output/linux-amd64/${PROGRAM_NAME}" +USER 1001 + CMD ["/bin/bash"] diff --git a/rootfs/healthcheck.sh b/rootfs/healthcheck.sh new file mode 100755 index 0000000..898a02b --- /dev/null +++ b/rootfs/healthcheck.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +# Return codes. + +OK=0 +NOT_OK=1 + +# Tests. + +echo "Doing healthtest." + +exit ${OK}
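Review bot: `USER 1001` sets only the UID. Docker runs the process with the root group (GID 0) when the user has no primary group, and the visible lines of the final stage do not create that account. Writing `USER 1001:1001` drops the root group as well. The files copied into `/output` before this line stay owned by root, which is fine for read-only use but worth confirming if the container is expected to write there.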
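Review bot: The script prints a message and exits with `${OK}` unconditionally, so the HEALTHCHECK that calls it can never report an unhealthy container, and `NOT_OK` is never used. Either add a real probe under `# Tests.` or mark the file as a stub, for example `# Placeholder: always reports healthy; replace with a real probe before relying on container health status.` As written, anything that reads Docker health status from this check gets a result that carries no information about the workload.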