senzing-factory/build-resources#69 add linting and cleanup workflows (#…

…125)

* senzing-factory/build-resources#69 add linting

* test

* test

* lint all

* test config

* linting and standardization updates

* test skip linting

* cleanup and another test run

* update permissions

* fix linting

* use tags

* rename and fix some alphabetical orders

.github/linters/.yaml-lint.yml

@@ -0,0 +1,9 @@
+# Extends the default yamllint config by adjusting some options.
+extends: default
+
+rules:
+  comments-indentation: disable
+  line-length:
+    level: warning
+    allow-non-breakable-inline-mappings: true
+  truthy: disable

.github/workflows/add-labels-standardized.yaml

@@ -0,0 +1,16 @@
+name: 'add labels standardized'
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  add-issue-labels:
+    permissions:
+      issues: write
+    secrets:
+      ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
+      SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
+    uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1}

.github/workflows/add-to-project-garage-dependabot.yaml

@@ -1,21 +1,19 @@
-name: add-to-project-garage-dependabot.yaml
+name: 'add to project garage dependabot'
+
 on:
   pull_request:
-    types:
-      - opened
-      - reopened
+    branches: [main]
+
 env:
   CREATOR: ${{ github.event.pull_request.user.login }}
+
 jobs:
-  add-to-project:
-    name: Add dependabot pull request to project
-    runs-on: ubuntu-latest
-    steps:
-      - name: Assign pull request to project
-        env:
-          BOOL: ${{ contains( env.CREATOR, 'dependabot' ) }}
-        if: ${{ env.BOOL == 'true' }}
-        uses: actions/add-to-project@v0.5.0
-        with:
-          project-url: https://github.com/orgs/${{ env.SENZING_GITHUB_ACCOUNT_NAME }}/projects/${{ env.SENZING_PROJECT_GARAGE}}
-          github-token: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }}
+  add-pr-to-project:
+    if: ${{ github.actor == 'dependabot[bot]' && ( github.event.action  == 'opened' || github.event.action  == 'reopened' ) }}
+    secrets:
+      SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1
+    with:
+      classic: false
+      org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}
+      project-number: ${{ vars.SENZING_PROJECT_GARAGE }}

.github/workflows/add-to-project-garage.yaml

@@ -1,9 +1,11 @@
-name: add-to-project-garage.yaml
+name: 'add to project garage'
+
 on:
   issues:
     types:
-      - reopened
       - opened
+      - reopened
+
 jobs:
   add-to-project:
     name: Add issue to project

.github/workflows/dependabot-approve-and-merge.yaml

@@ -1,12 +1,14 @@
-name: dependabot-approve-and-merge.yaml
+name: 'dependabot approve and merge'
+
 on:
   pull_request:
     branches: [main]
+
 jobs:
   dependabot-approve-and-merge:
     permissions:
       contents: write
       pull-requests: write
-    uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@main
     secrets:
       SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
+    uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v1

.github/workflows/docker-build-container.yaml

@@ -1,15 +1,17 @@
-name: docker-build-container.yaml
+name: 'docker build container'
+
 on:
   pull_request:
     branches:
       - main
   workflow_dispatch:
+
 jobs:
   docker-build-container:
     runs-on: ubuntu-latest
     steps:
       - name: Build docker image
-        uses: senzing-factory/github-action-docker-buildx-build@latest
+        uses: senzing-factory/github-action-docker-buildx-build@v1
         with:
           image-repository: senzing/test-ground
           password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}

.github/workflows/docker-push-containers-to-dockerhub.yaml

@@ -1,14 +1,16 @@
-name: docker-push-containers-to-dockerhub.yaml
+name: 'docker push containers to dockerhub'
+
 on:
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
+
 jobs:
   docker-push-containers-to-dockerhub:
     runs-on: ubuntu-latest
     steps:
       - name: Build docker image and push to DockerHub
-        uses: senzing-factory/github-action-docker-buildx-build@latest
+        uses: senzing-factory/github-action-docker-buildx-build@v1
         with:
           build-options: "--push"
           image-repository: senzing/test-ground

.github/workflows/go-proxy-pull.yaml

@@ -1,14 +1,13 @@
-# Based on
-# - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
-# - https://github.com/marketplace/actions/go-proxy-warming
-# - https://github.com/andrewslotin/go-proxy-pull-action
-# - https://futurestud.io/tutorials/github-actions-run-a-workflow-when-creating-a-tag
+name: 'go proxy pull'
 
-name: go-proxy-pull.yaml
 on:
   push:
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+
 jobs:
   go-proxy-pull:
     runs-on: ubuntu-latest

.github/workflows/go-test-darwin.yaml

@@ -1,11 +1,14 @@
-# Based on
-# - https://github.com/marketplace/actions/setup-go-environment
+name: 'go test darwin'
 
-name: go-test-darwin.yaml
 on: [push]
+
 env:
   DYLD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos
   LD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos
+
+permissions:
+  contents: read
+
 jobs:
   go-test-darwin:
     runs-on: ${{ matrix.os }}
@@ -19,9 +22,11 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
       - name: Setup go
         uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go }}
+
       - name: Run go test
         run: go test -v -p 1 ./...

.github/workflows/go-test-linux.yaml

@@ -1,8 +1,10 @@
-# Based on
-# - https://github.com/marketplace/actions/setup-go-environment
+name: 'go test linux'
 
-name: go-test-linux.yaml
 on: [push]
+
+permissions:
+  contents: read
+
 jobs:
   go-test-linux:
     runs-on: ${{ matrix.os }}
@@ -16,9 +18,11 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
       - name: Setup go
         uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go }}
+
       - name: Run go test
         run: go test -v -p 1 ./...

.github/workflows/go-test-windows.yaml

@@ -1,8 +1,10 @@
-# Based on
-# - https://github.com/marketplace/actions/setup-go-environment
+name: 'go test windows'
 
-name: go-test-windows.yaml
 on: [push]
+
+permissions:
+  contents: read
+
 jobs:
   go-test-windows:
     runs-on: ${{ matrix.os }}
@@ -16,9 +18,11 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
       - name: Setup go
         uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go }}
+
       - name: Run go test
         run: go test -v -p 1 ./...

.github/workflows/gofmt.yaml

@@ -1,7 +1,12 @@
-name: gofmt.yaml
+name: 'gofmt'
+
 on:
   pull_request:
     branches: [main]
+
+permissions:
+  contents: read
+
 jobs:
   gofmt:
-    uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@main
+    uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@v1

.github/workflows/gosec.yaml

@@ -1,14 +1,16 @@
-# Based on
-# - https://github.com/securego/gosec
+name: 'gosec'
 
-name: gosec.yaml
 on:
   push:
     branches:
       - main
   pull_request:
     branches:
       - main
+
+permissions:
+  contents: read
+
 jobs:
   gosec:
     runs-on: ubuntu-latest
@@ -17,7 +19,8 @@ jobs:
     steps:
       - name: Checkout Source
         uses: actions/checkout@v4
+
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        uses: securego/gosec@v2.18.2
         with:
           args: ./...

.github/workflows/lint-workflows.yaml

@@ -0,0 +1,16 @@
+name: 'lint workflows'
+
+on:
+  push:
+    branches-ignore: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  packages: read
+  statuses: write
+
+jobs:
+  lint-workflows:
+    uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1

.github/workflows/make-go-github-file.yaml

@@ -1,13 +1,17 @@
-name: make-go-github-file.yaml
+name: 'make go github file'
+
 on:
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
-permissions: write-all
+
+permissions:
+  contents: write
+
 jobs:
   make-go-github-file:
-    uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@main
+    uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@v1
     secrets:
-      SENZING_GITHUB_GPG_PRIVATE_KEY: ${{ secrets.SENZING_GITHUB_GPG_PRIVATE_KEY }}
-      SENZING_GITHUB_GPG_PASSPHRASE: ${{ secrets.SENZING_GITHUB_GPG_PASSPHRASE }}
       SENZING_GITHUB_ACTOR: ${{ secrets.SENZING_GITHUB_ACTOR }}
+      SENZING_GITHUB_GPG_PASSPHRASE: ${{ secrets.SENZING_GITHUB_GPG_PASSPHRASE }}
+      SENZING_GITHUB_GPG_PRIVATE_KEY: ${{ secrets.SENZING_GITHUB_GPG_PRIVATE_KEY }}

.github/workflows/make-go-tag.yaml

@@ -1,15 +1,20 @@
-name: make-go-tag.yaml
+name: 'make go tag'
+
 on:
   push:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+"
-permissions: write-all
+
+permissions:
+  contents: write
+
 jobs:
   make-go-tag:
     name: Make a vM.m.P tag
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+
       - name: Make go version tag
-        uses: senzing-factory/github-action-make-go-tag@main
+        uses: senzing-factory/github-action-make-go-tag@v1

.github/workflows/move-pr-to-done.yaml

@@ -1,9 +1,11 @@
-name: move-pr-to-done.yaml
+name: 'move pr to done'
+
 on:
   pull_request:
     types: [closed]
+
 jobs:
   move-pr-to-done:
-    uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@main
+    uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v1
     secrets:
       SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}