From b9b8ae83ae9e178a7e3034ec46de79c167e09cfe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 May 2024 05:06:30 +0000
Subject: [PATCH 1/2] Bump senzing-factory/build-resources from 1 to 2
Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 1 to 2.
- [Release notes](https://github.com/senzing-factory/build-resources/releases)
- [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md)
- [Commits](https://github.com/senzing-factory/build-resources/compare/v1...v2)
---
updated-dependencies:
- dependency-name: senzing-factory/build-resources
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/add-labels-standardized.yaml | 2 +-
 .github/workflows/add-to-project-garage-dependabot.yaml | 2 +-
 .github/workflows/add-to-project-garage.yaml | 2 +-
 .github/workflows/dependabot-approve-and-merge.yaml | 2 +-
 .github/workflows/gofmt.yaml | 2 +-
 .github/workflows/lint-workflows.yaml | 2 +-
 .github/workflows/make-go-github-file.yaml | 2 +-
 .github/workflows/move-pr-to-done-dependabot.yaml | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index 50687a5..01aa8a1 100644
--- a/.github/workflows/add-labels-standardized.yaml
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -14,4 +14,4 @@ jobs:
 secrets:
 ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
 SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
- uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2
diff --git a/.github/workflows/add-to-project-garage-dependabot.yaml b/.github/workflows/add-to-project-garage-dependabot.yaml
index 99b12a0..19cc672 100644
--- a/.github/workflows/add-to-project-garage-dependabot.yaml
+++ b/.github/workflows/add-to-project-garage-dependabot.yaml
@@ -11,6 +11,6 @@ jobs:
 add-to-project-dependabot:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2
 with:
 project: ${{ vars.SENZING_PROJECT_GARAGE }}
diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml
index 1abad01..53c0744 100644
--- a/.github/workflows/add-to-project-garage.yaml
+++ b/.github/workflows/add-to-project-garage.yaml
@@ -13,7 +13,7 @@ jobs:
 add-to-project:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2
 with:
 classic: false
 project-number: ${{ vars.SENZING_PROJECT_GARAGE }}
diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml
index 15a5bf9..cacaa2d 100644
--- a/.github/workflows/dependabot-approve-and-merge.yaml
+++ b/.github/workflows/dependabot-approve-and-merge.yaml
@@ -11,4 +11,4 @@ jobs:
 pull-requests: write
 secrets:
 SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2
diff --git a/.github/workflows/gofmt.yaml b/.github/workflows/gofmt.yaml
index 122d306..54b4e5a 100644
--- a/.github/workflows/gofmt.yaml
+++ b/.github/workflows/gofmt.yaml
@@ -9,4 +9,4 @@ permissions:
 jobs:
 gofmt:
- uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/gofmt.yaml@v2
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
index 1bcd936..c471330 100644
--- a/.github/workflows/lint-workflows.yaml
+++ b/.github/workflows/lint-workflows.yaml
@@ -14,4 +14,4 @@ permissions:
 jobs:
 lint-workflows:
- uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2
diff --git a/.github/workflows/make-go-github-file.yaml b/.github/workflows/make-go-github-file.yaml
index 25e57ff..6aadd14 100644
--- a/.github/workflows/make-go-github-file.yaml
+++ b/.github/workflows/make-go-github-file.yaml
@@ -15,4 +15,4 @@ jobs:
 SENZING_GITHUB_ACTOR: ${{ secrets.SENZING_GITHUB_ACTOR }}
 SENZING_GITHUB_GPG_PASSPHRASE: ${{ secrets.SENZING_GITHUB_GPG_PASSPHRASE }}
 SENZING_GITHUB_GPG_PRIVATE_KEY: ${{ secrets.SENZING_GITHUB_GPG_PRIVATE_KEY }}
- uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/make-go-github-file.yaml@v2
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
index 4a5db44..b59571b 100644
--- a/.github/workflows/move-pr-to-done-dependabot.yaml
+++ b/.github/workflows/move-pr-to-done-dependabot.yaml
@@ -12,6 +12,6 @@ jobs:
 move-pr-to-done-dependabot:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v1
+ uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2
 with:
 project: ${{ vars.SENZING_PROJECT_GARAGE }}
From a565e8a16b3407ee8a8e33a7a9b49ce8c6bbf650 Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 7 Jun 2024 13:11:54 -0700
Subject: [PATCH 2/2] fix linting
---
 .github/linters/.checkov.yaml | 2 +
 .github/linters/.jscpd.json | 3 ++
 .../dependabot-approve-and-merge.yaml | 7 +--
 .github/workflows/docker-build-container.yaml | 3 ++
 Dockerfile | 14 ++++--
 package.Dockerfile | 48 ++++++++++---------
 rootfs/healthcheck.sh | 12 +++++
 7 files changed, 59 insertions(+), 30 deletions(-)
 create mode 100644 .github/linters/.checkov.yaml
 create mode 100644 .github/linters/.jscpd.json
 create mode 100644 rootfs/healthcheck.sh
diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
new file mode 100644
index 0000000..e2d7c03
--- /dev/null
+++ b/.github/linters/.checkov.yaml
@@ -0,0 +1,2 @@
+quiet: true
+skip-check: CKV_DOCKER_7
diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
new file mode 100644
index 0000000..6eb5f17
--- /dev/null
+++ b/.github/linters/.jscpd.json
@@ -0,0 +1,3 @@
+{
+ "threshold": 3
+}
\ No newline at end of file
diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml
index cacaa2d..0aad27e 100644
--- a/.github/workflows/dependabot-approve-and-merge.yaml
+++ b/.github/workflows/dependabot-approve-and-merge.yaml
@@ -4,11 +4,12 @@ on:
 pull_request:
 branches: [main]
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 dependabot-approve-and-merge:
- permissions:
- contents: write
- pull-requests: write
 secrets:
 SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2
diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml
index 2a6d731..f27811a 100644
--- a/.github/workflows/docker-build-container.yaml
+++ b/.github/workflows/docker-build-container.yaml
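Review bot: `skip-check: CKV_DOCKER_7` in `.github/linters/.checkov.yaml` switches the check off for every Dockerfile in the repository instead of suppressing one known finding. CKV_DOCKER_7 is the check that flags base images left on the `latest` tag, and the package.Dockerfile hunk header later in this patch shows `ARG IMAGE_FINAL=alpine`, an untagged default, so the skip hides exactly that finding. Pinning the default image to a version tag or digest would let the check stay enabled. If the skip has to stay, a comment above it such as `# CKV_DOCKER_7 skipped: base images are supplied via build ARGs and pinned in <PLACEHOLDER: where>` records why it is acceptable.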
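Review bot: Moving `contents: write` and `pull-requests: write` from the `dependabot-approve-and-merge` job to the workflow level (hunk `@@ -4,11 +4,12 @@`) makes write access the default for every job in this `pull_request`-triggered file, so a job added later inherits it without asking. Only one job is visible in the hunk, so the effective grant today looks unchanged; the concern is the default. A top-level-permissions lint can be satisfied without widening it by declaring `permissions: {}` at the top and keeping the two write scopes on the job that calls the reusable workflow.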
@@ -6,6 +6,9 @@ on:
 - main
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 docker-build-container:
 runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
index ae4de4e..a4c2b6a 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,8 +18,8 @@ FROM ${IMAGE_FINAL} as senzingapi_runtime
 FROM ${IMAGE_GO_BUILDER} as go_builder
 ENV REFRESHED_AT=2023-10-02
 LABEL Name="senzing/observe-builder" \
- Maintainer="support@senzing.com" \
- Version="0.2.0"
+ Maintainer="support@senzing.com" \
+ Version="0.2.0"
 # Copy local files from the Git repository.
@@ -43,7 +43,7 @@ RUN make build
 # Copy binaries to /output.
 RUN mkdir -p /output \
- && cp -R ${GOPATH}/src/observe/target/* /output/
+ && cp -R ${GOPATH}/src/observe/target/* /output/
 # -----------------------------------------------------------------------------
 # Stage: final
@@ -52,13 +52,17 @@ RUN mkdir -p /output \
 FROM ${IMAGE_FINAL} as final
 ENV REFRESHED_AT=2023-08-01
 LABEL Name="senzing/observe" \
- Maintainer="support@senzing.com" \
- Version="0.2.0"
+ Maintainer="support@senzing.com" \
+ Version="0.2.0"
 # Copy files from prior stage.
 COPY --from=go_builder "/output/linux-amd64/observe" "/app/observe"
+HEALTHCHECK CMD ["/healthcheck.sh"]
+
+USER 1001
+
 # Runtime environment variables.
 ENV LD_LIBRARY_PATH=/opt/senzing/g2/lib/
diff --git a/package.Dockerfile b/package.Dockerfile
index 692a352..b4d5d3c 100755
--- a/package.Dockerfile
+++ b/package.Dockerfile
@@ -13,8 +13,8 @@ ARG IMAGE_FINAL=alpine
 FROM ${IMAGE_GO_BUILDER} as go_builder
 ENV REFRESHED_AT=2023-08-01
 LABEL Name="senzing/observe-builder" \
- Maintainer="support@senzing.com" \
- Version="0.2.0"
+ Maintainer="support@senzing.com" \
+ Version="0.2.0"
 # Build arguments.
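Review bot: In the Dockerfile final stage (hunk `@@ -52,13 +52,17 @@`), `HEALTHCHECK CMD ["/healthcheck.sh"]` execs a script that this patch creates as `rootfs/healthcheck.sh` with mode 100644, so unless the executable bit is set elsewhere the probe fails on permissions and the container is reported unhealthy. No `COPY` of `rootfs/` appears in the hunk either; the stage continues outside it, so confirm the script actually lands at `/healthcheck.sh` and is readable by the new `USER 1001`. The same applies to the final stage of package.Dockerfile (hunk `@@ -103,4 +103,8 @@`), whose default base is `alpine` per `ARG IMAGE_FINAL=alpine` and may not provide the `bash` named in the script's shebang. Committing the script as 100755, or invoking it as `HEALTHCHECK CMD ["/bin/sh", "/healthcheck.sh"]`, removes the dependency on the mode bit.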
@@ -36,7 +36,7 @@ RUN make linux/amd64
 # Copy binaries to /output.
 RUN mkdir -p /output \
- && cp -R ${GOPATH}/src/${GO_PACKAGE_NAME}/target/* /output/
+ && cp -R ${GOPATH}/src/${GO_PACKAGE_NAME}/target/* /output/
 # -----------------------------------------------------------------------------
 # Stage: fpm_builder
@@ -47,8 +47,8 @@ RUN mkdir -p /output \
 FROM ${IMAGE_FPM_BUILDER} as fpm_builder
 ENV REFRESHED_AT=2023-08-01
 LABEL Name="senzing/observe-fpm-builder" \
- Maintainer="support@senzing.com" \
- Version="0.2.0"
+ Maintainer="support@senzing.com" \
+ Version="0.2.0"
 # Use arguments from prior stage.
@@ -64,25 +64,25 @@ COPY --from=go_builder "/output/linux-amd64/*" "/output/linux-amd64/"
 # Create Linux RPM package.
 RUN fpm \
- --input-type dir \
- --output-type rpm \
- --name ${PROGRAM_NAME} \
- --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.rpm \
- --version ${BUILD_VERSION} \
- --iteration ${BUILD_ITERATION} \
- /output/linux-amd64/=/usr/bin
+ --input-type dir \
+ --output-type rpm \
+ --name ${PROGRAM_NAME} \
+ --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.rpm \
+ --version ${BUILD_VERSION} \
+ --iteration ${BUILD_ITERATION} \
+ /output/linux-amd64/=/usr/bin
 # Create Linux DEB package.
 RUN fpm \
- --deb-no-default-config-files \
- --input-type dir \
- --iteration ${BUILD_ITERATION} \
- --name ${PROGRAM_NAME} \
- --output-type deb \
- --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.deb \
- --version ${BUILD_VERSION} \
- /output/linux-amd64/=/usr/bin
+ --deb-no-default-config-files \
+ --input-type dir \
+ --iteration ${BUILD_ITERATION} \
+ --name ${PROGRAM_NAME} \
+ --output-type deb \
+ --package /output/${PROGRAM_NAME}-${BUILD_VERSION}.deb \
+ --version ${BUILD_VERSION} \
+ /output/linux-amd64/=/usr/bin
 # -----------------------------------------------------------------------------
 # Stage: final
@@ -91,8 +91,8 @@ RUN fpm \
 FROM ${IMAGE_FINAL} as final
 ENV REFRESHED_AT=2023-08-01
 LABEL Name="senzing/observe" \
- Maintainer="support@senzing.com" \
- Version="0.2.0"
+ Maintainer="support@senzing.com" \
+ Version="0.2.0"
 # Use arguments from prior stage.
@@ -103,4 +103,8 @@ ARG PROGRAM_NAME
 COPY --from=fpm_builder "/output/*" "/output/"
 COPY --from=fpm_builder "/output/linux-amd64/${PROGRAM_NAME}" "/output/linux-amd64/${PROGRAM_NAME}"
+HEALTHCHECK CMD ["/healthcheck.sh"]
+
+USER 1001
+
 CMD ["/bin/bash"]
diff --git a/rootfs/healthcheck.sh b/rootfs/healthcheck.sh
new file mode 100644
index 0000000..898a02b
--- /dev/null
+++ b/rootfs/healthcheck.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# Return codes.
+
+OK=0
+NOT_OK=1
+
+# Tests.
+
+echo "Doing healthtest."
+
+exit ${OK}
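Review bot: `rootfs/healthcheck.sh` ends with an unconditional `exit ${OK}`, so the HEALTHCHECK it backs reports healthy whatever state the process is in; `NOT_OK` is assigned but never used. That satisfies a linter that wants a HEALTHCHECK instruction, but it gives an orchestrator no signal and can keep a broken container in rotation. If no real probe is available yet, a comment above the exit such as `# TODO: placeholder, always reports healthy; replace with a real liveness probe of the observe process` makes the gap visible to the next reader. The exit value would also be safer quoted, `exit "${OK}"`.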