diff --git a/.github/linters/.yaml-lint.yml b/.github/linters/.yaml-lint.yml new file mode 100644 index 0000000..32ff17d --- /dev/null +++ b/.github/linters/.yaml-lint.yml @@ -0,0 +1,9 @@ +# Extends the default yamllint config by adjusting some options. +extends: default + +rules: + comments-indentation: disable + line-length: + level: warning + allow-non-breakable-inline-mappings: true + truthy: disable diff --git a/.github/workflows/add-label-customer-submission.yaml b/.github/workflows/add-label-customer-submission.yaml deleted file mode 100644 index f9dd8e8..0000000 --- a/.github/workflows/add-label-customer-submission.yaml +++ /dev/null @@ -1,20 +0,0 @@ -name: add-label-customer-submission.yaml -on: - issues: - types: - - opened -env: - MEMBER_LIST: ${{ secrets.SENZING_MEMBERS }} - CREATOR: ${{ github.actor }} -jobs: - automate-issues-labels: - name: Add customer-submission label to issue - runs-on: ubuntu-latest - steps: - - name: Add customer-submission label - env: - BOOL: ${{ contains( env.MEMBER_LIST, env.CREATOR ) }} - if: ${{ env.BOOL == 'false' }} - uses: andymckay/labeler@1.0.4 - with: - add-labels: "customer-submission" diff --git a/.github/workflows/add-label-triage.yaml b/.github/workflows/add-label-triage.yaml deleted file mode 100644 index fc32b8c..0000000 --- a/.github/workflows/add-label-triage.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: add-label-triage.yaml -on: - issues: - types: - - reopened - - opened -jobs: - automate-issues-labels: - name: Add triage label to issue - runs-on: ubuntu-latest - steps: - - name: Add triage label - uses: andymckay/labeler@1.0.4 - with: - add-labels: "triage" diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml new file mode 100644 index 0000000..a78be27 --- /dev/null +++ b/.github/workflows/add-labels-standardized.yaml 
@@ -0,0 +1,16 @@ +name: 'add labels standardized' + +on: + issues: + types: + - opened + - reopened + +jobs: + add-issue-labels: + permissions: + issues: write + secrets: + ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} + SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1} diff --git a/.github/workflows/add-to-project-garage-dependabot.yaml b/.github/workflows/add-to-project-garage-dependabot.yaml index 0d0c35b..5e813bf 100644 --- a/.github/workflows/add-to-project-garage-dependabot.yaml +++ b/.github/workflows/add-to-project-garage-dependabot.yaml @@ -1,21 +1,19 @@ -name: add-to-project-garage-dependabot.yaml +name: 'add to project garage dependabot' + on: pull_request: - types: - - opened - - reopened + branches: [main] + env: CREATOR: ${{ github.event.pull_request.user.login }} + jobs: - add-to-project: - name: Add dependabot pull request to project - runs-on: ubuntu-latest - steps: - - name: Assign pull request to project - env: - BOOL: ${{ contains( env.CREATOR, 'dependabot' ) }} - if: ${{ env.BOOL == 'true' }} - uses: actions/add-to-project@v0.5.0 - with: - project-url: https://github.com/orgs/${{ env.SENZING_GITHUB_ACCOUNT_NAME }}/projects/${{ env.SENZING_PROJECT_GARAGE}} - github-token: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }} + add-pr-to-project: + if: ${{ github.actor == 'dependabot[bot]' && ( github.event.action == 'opened' || github.event.action == 'reopened' ) }} + secrets: + SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1 + with: + classic: false + org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }} + project-number: ${{ vars.SENZING_PROJECT_GARAGE }} diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml index abaf5ae..271162e 100644 --- a/.github/workflows/add-to-project-garage.yaml 
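Review bot: The last added line of add-labels-standardized.yaml ends in a stray brace, `add-labels-to-issue.yaml@v1}`, so the ref that gets resolved is `v1}` rather than `v1` and the reusable-workflow call will most likely fail to load. It should read `uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1`. This commit also deletes both labeler workflows that this job replaces, so a broken ref here means new issues get no `triage` or `customer-submission` label at all; opening a test issue after merge would confirm the call resolves.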
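Review bot: In add-to-project-garage-dependabot.yaml the new job-level `if:` tests `github.actor`, which is the account that triggered the run rather than the author of the pull request. A filter meant to select Dependabot's own pull requests is more reliable as `github.event.pull_request.user.login == 'dependabot[bot]'`. The workflow-level `env: CREATOR` that is kept as context holds that login but is no longer read on the new side (the `env` context is not available in a job-level `if`), so it can be dropped. Runs triggered by Dependabot on `pull_request` only receive Dependabot secrets, so `SENZING_GITHUB_PROJECT_RW_TOKEN` will be empty in the called workflow unless it is also defined as a Dependabot secret; that is worth confirming before relying on this job.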
+++ b/.github/workflows/add-to-project-garage.yaml @@ -1,9 +1,11 @@ -name: add-to-project-garage.yaml +name: 'add to project garage' + on: issues: types: - - reopened - opened + - reopened + jobs: add-to-project: name: Add issue to project diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index 0c15821..c357735 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml @@ -1,12 +1,14 @@ -name: dependabot-approve-and-merge.yaml +name: 'dependabot approve and merge' + on: pull_request: branches: [main] + jobs: dependabot-approve-and-merge: permissions: contents: write pull-requests: write - uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@main secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} + uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v1 diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml index 43127f3..0fb2ed2 100644 --- a/.github/workflows/docker-build-container.yaml +++ b/.github/workflows/docker-build-container.yaml @@ -1,15 +1,17 @@ -name: docker-build-container.yaml +name: 'docker build container' + on: pull_request: branches: - main workflow_dispatch: + jobs: docker-build-container: runs-on: ubuntu-latest steps: - name: Build docker image - uses: senzing-factory/github-action-docker-buildx-build@latest + uses: senzing-factory/github-action-docker-buildx-build@v1 with: image-repository: senzing/test-ground password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} diff --git a/.github/workflows/docker-push-containers-to-dockerhub.yaml b/.github/workflows/docker-push-containers-to-dockerhub.yaml index e671d5f..df7cffc 100644 --- a/.github/workflows/docker-push-containers-to-dockerhub.yaml +++ b/.github/workflows/docker-push-containers-to-dockerhub.yaml 
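Review bot: In dependabot-approve-and-merge.yaml the `uses:` line moves from `@main` to `@v1`, but a tag is still a mutable ref: whoever can move `v1` in senzing-factory/build-resources changes the code that runs here with `contents: write`, `pull-requests: write` and `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN`. For callers that hand over secrets, consider pinning to the full commit SHA and keeping the tag as a trailing comment, e.g. `...dependabot-approve-and-merge.yaml@<full-commit-sha>  # v1` (placeholder; the SHA is not on this page). The same applies to the other `@v1` refs in this commit, most of all make-go-github-file.yaml, which forwards the GPG private key and passphrase, and to `securego/gosec@v2.18.2`. The caller has no actor condition of its own on `pull_request`, so the Dependabot check presumably lives in the reusable workflow; a one-line comment saying so would help the next reader.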
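Review bot: docker-build-container.yaml gets no `permissions:` block, unlike go-test-*.yaml, gofmt.yaml and gosec.yaml in the same commit, so its `GITHUB_TOKEN` keeps the repository default while the step also passes `secrets.DOCKERHUB_ACCESS_TOKEN` to an action on a movable `@v1` tag. Adding a top-level `permissions:` with `contents: read` would match the others, assuming the build action needs nothing more; its `with:` inputs may continue past the end of the hunk. docker-push-containers-to-dockerhub.yaml, add-to-project-garage-dependabot.yaml and move-pr-to-done.yaml are in the same position. On pull requests from forks the Docker Hub secret is empty, so it is worth checking that the build step does not depend on a successful login.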
@@ -1,14 +1,16 @@ -name: docker-push-containers-to-dockerhub.yaml +name: 'docker push containers to dockerhub' + on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" + jobs: docker-push-containers-to-dockerhub: runs-on: ubuntu-latest steps: - name: Build docker image and push to DockerHub - uses: senzing-factory/github-action-docker-buildx-build@latest + uses: senzing-factory/github-action-docker-buildx-build@v1 with: build-options: "--push" image-repository: senzing/test-ground diff --git a/.github/workflows/go-proxy-pull.yaml b/.github/workflows/go-proxy-pull.yaml index ce17845..7208754 100644 --- a/.github/workflows/go-proxy-pull.yaml +++ b/.github/workflows/go-proxy-pull.yaml @@ -1,14 +1,13 @@ -# Based on -# - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions -# - https://github.com/marketplace/actions/go-proxy-warming -# - https://github.com/andrewslotin/go-proxy-pull-action -# - https://futurestud.io/tutorials/github-actions-run-a-workflow-when-creating-a-tag +name: 'go proxy pull' -name: go-proxy-pull.yaml on: push: tags: - "v[0-9]+.[0-9]+.[0-9]+" + +permissions: + contents: write + jobs: go-proxy-pull: runs-on: ubuntu-latest diff --git a/.github/workflows/go-test-darwin.yaml b/.github/workflows/go-test-darwin.yaml index 264ae66..075f1d8 100644 --- a/.github/workflows/go-test-darwin.yaml +++ b/.github/workflows/go-test-darwin.yaml @@ -1,11 +1,14 @@ -# Based on -# - https://github.com/marketplace/actions/setup-go-environment +name: 'go test darwin' -name: go-test-darwin.yaml on: [push] + env: DYLD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos LD_LIBRARY_PATH: /opt/senzing/g2/lib:/opt/senzing/g2/lib/macos + +permissions: + contents: read + jobs: go-test-darwin: runs-on: ${{ matrix.os }} @@ -19,9 +22,11 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Setup go uses: actions/setup-go@v5 with: go-version: ${{ matrix.go }} + - name: Run go test run: go test -v -p 1 ./... 
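Review bot: In go-proxy-pull.yaml the added top-level `permissions:` grants `contents: write`, while the reference comments removed at the top of the file described this job as Go proxy warming, which normally only needs to read the tag. The steps are outside the hunk, so this cannot be confirmed here; if nothing in the job pushes commits, tags or releases, `contents: read` is the narrower grant, as used in the go-test workflows. If write access is required, a short comment next to the block naming the step that needs it would help, since the "Based on" links that explained the job are deleted in this change.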
diff --git a/.github/workflows/go-test-linux.yaml b/.github/workflows/go-test-linux.yaml index 2894ed4..56e27d2 100644 --- a/.github/workflows/go-test-linux.yaml +++ b/.github/workflows/go-test-linux.yaml @@ -1,8 +1,10 @@ -# Based on -# - https://github.com/marketplace/actions/setup-go-environment +name: 'go test linux' -name: go-test-linux.yaml on: [push] + +permissions: + contents: read + jobs: go-test-linux: runs-on: ${{ matrix.os }} @@ -16,9 +18,11 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Setup go uses: actions/setup-go@v5 with: go-version: ${{ matrix.go }} + - name: Run go test run: go test -v -p 1 ./... diff --git a/.github/workflows/go-test-windows.yaml b/.github/workflows/go-test-windows.yaml index 875f0e0..4952a51 100644 --- a/.github/workflows/go-test-windows.yaml +++ b/.github/workflows/go-test-windows.yaml @@ -1,8 +1,10 @@ -# Based on -# - https://github.com/marketplace/actions/setup-go-environment +name: 'go test windows' -name: go-test-windows.yaml on: [push] + +permissions: + contents: read + jobs: go-test-windows: runs-on: ${{ matrix.os }} @@ -16,9 +18,11 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Setup go uses: actions/setup-go@v5 with: go-version: ${{ matrix.go }} + - name: Run go test run: go test -v -p 1 ./... diff --git a/.github/workflows/gofmt.yaml b/.github/workflows/gofmt.yaml index 6bf9fbe..6f08ffb 100644 --- a/.github/workflows/gofmt.yaml +++ b/.github/workflows/gofmt.yaml @@ -1,7 +1,12 @@ -name: gofmt.yaml +name: 'gofmt' + on: pull_request: branches: [main] + +permissions: + contents: read + jobs: gofmt: - uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@main + uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@v1 diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml index 42443d8..4cfbf57 100644 --- a/.github/workflows/gosec.yaml +++ b/.github/workflows/gosec.yaml 
@@ -1,7 +1,5 @@ -# Based on -# - https://github.com/securego/gosec +name: 'gosec' -name: gosec.yaml on: push: branches: @@ -9,6 +7,10 @@ on: pull_request: branches: - main + +permissions: + contents: read + jobs: gosec: runs-on: ubuntu-latest @@ -17,7 +19,8 @@ jobs: steps: - name: Checkout Source uses: actions/checkout@v4 + - name: Run Gosec Security Scanner - uses: securego/gosec@master + uses: securego/gosec@v2.18.2 with: args: ./... diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml new file mode 100644 index 0000000..7c83187 --- /dev/null +++ b/.github/workflows/lint-workflows.yaml @@ -0,0 +1,16 @@ +name: 'lint workflows' + +on: + push: + branches-ignore: [main] + pull_request: + branches: [main] + +permissions: + contents: read + packages: read + statuses: write + +jobs: + lint-workflows: + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1 diff --git a/.github/workflows/make-go-github-file.yaml b/.github/workflows/make-go-github-file.yaml index 7ba655b..5390ab0 100644 --- a/.github/workflows/make-go-github-file.yaml +++ b/.github/workflows/make-go-github-file.yaml @@ -1,13 +1,17 @@ -name: make-go-github-file.yaml +name: 'make go github file' + on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" -permissions: write-all + +permissions: + contents: write + jobs: make-go-github-file: - uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@main + uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@v1 secrets: - SENZING_GITHUB_GPG_PRIVATE_KEY: ${{ secrets.SENZING_GITHUB_GPG_PRIVATE_KEY }} - SENZING_GITHUB_GPG_PASSPHRASE: ${{ secrets.SENZING_GITHUB_GPG_PASSPHRASE }} SENZING_GITHUB_ACTOR: ${{ secrets.SENZING_GITHUB_ACTOR }} + SENZING_GITHUB_GPG_PASSPHRASE: ${{ secrets.SENZING_GITHUB_GPG_PASSPHRASE }} + SENZING_GITHUB_GPG_PRIVATE_KEY: ${{ secrets.SENZING_GITHUB_GPG_PRIVATE_KEY }} 
diff --git a/.github/workflows/make-go-tag.yaml b/.github/workflows/make-go-tag.yaml index ad7670f..f8603a4 100644 --- a/.github/workflows/make-go-tag.yaml +++ b/.github/workflows/make-go-tag.yaml @@ -1,9 +1,13 @@ -name: make-go-tag.yaml +name: 'make go tag' + on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" -permissions: write-all + +permissions: + contents: write + jobs: make-go-tag: name: Make a vM.m.P tag @@ -11,5 +15,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Make go version tag - uses: senzing-factory/github-action-make-go-tag@main + uses: senzing-factory/github-action-make-go-tag@v1 diff --git a/.github/workflows/move-pr-to-done.yaml b/.github/workflows/move-pr-to-done.yaml index 099d1b4..4a17ef5 100644 --- a/.github/workflows/move-pr-to-done.yaml +++ b/.github/workflows/move-pr-to-done.yaml @@ -1,9 +1,11 @@ -name: move-pr-to-done.yaml +name: 'move pr to done' + on: pull_request: types: [closed] + jobs: move-pr-to-done: - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@main + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v1 secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}