From 9531f6450cd322f4d37f562f06865bdd94086c20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Sep 2025 22:14:32 +0000 Subject: [PATCH 1/4] Bump senzing-factory/build-resources from 2 to 3 Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 2 to 3. - [Release notes](https://github.com/senzing-factory/build-resources/releases) - [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md) - [Commits](https://github.com/senzing-factory/build-resources/compare/v2...v3) --- updated-dependencies: - dependency-name: senzing-factory/build-resources dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/add-labels-standardized.yaml | 4 ++-- .github/workflows/add-to-project-g2-python-dependabot.yaml | 4 ++-- .github/workflows/add-to-project-g2-python.yaml | 4 ++-- .github/workflows/add-to-project-garage-dependabot.yaml | 4 ++-- .github/workflows/add-to-project-garage.yaml | 4 ++-- .github/workflows/dependabot-approve-and-merge.yaml | 2 +- .github/workflows/lint-workflows.yaml | 2 +- .github/workflows/move-pr-to-done-g2-python-dependabot.yaml | 2 +- .github/workflows/move-pr-to-done-garage-dependabot.yaml | 2 +- .github/workflows/pytest-darwin.yaml | 4 ++-- .github/workflows/pytest-linux.yaml | 4 ++-- .github/workflows/pytest-windows.yaml | 4 ++-- 12 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index c7f1c7a..e77d462 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml 
@@ -14,13 +14,13 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v3 slack-notification: needs: [add-issue-labels] if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.outputs.job-status) }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.add-issue-labels.outputs.job-status }} diff --git a/.github/workflows/add-to-project-g2-python-dependabot.yaml b/.github/workflows/add-to-project-g2-python-dependabot.yaml index 28b1df1..463b8dd 100644 --- a/.github/workflows/add-to-project-g2-python-dependabot.yaml +++ b/.github/workflows/add-to-project-g2-python-dependabot.yaml @@ -11,7 +11,7 @@ jobs: add-to-project-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3 with: project: ${{ vars.SENZING_PROJECT_G2_PYTHON }} @@ -20,6 +20,6 @@ jobs: if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.outputs.job-status) }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.add-to-project-dependabot.outputs.job-status }} 
diff --git a/.github/workflows/add-to-project-g2-python.yaml b/.github/workflows/add-to-project-g2-python.yaml index d44967a..72717cf 100644 --- a/.github/workflows/add-to-project-g2-python.yaml +++ b/.github/workflows/add-to-project-g2-python.yaml @@ -13,7 +13,7 @@ jobs: add-to-project: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 with: classic: false project-number: ${{ vars.SENZING_PROJECT_G2_PYTHON }} @@ -24,6 +24,6 @@ jobs: if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.outputs.job-status) }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.add-to-project.outputs.job-status }} diff --git a/.github/workflows/add-to-project-garage-dependabot.yaml b/.github/workflows/add-to-project-garage-dependabot.yaml index f71293e..b39fd6c 100644 --- a/.github/workflows/add-to-project-garage-dependabot.yaml +++ b/.github/workflows/add-to-project-garage-dependabot.yaml @@ -11,7 +11,7 @@ jobs: add-to-project-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3 with: project: ${{ vars.SENZING_PROJECT_GARAGE }} 
@@ -20,6 +20,6 @@ jobs: if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.outputs.job-status) }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.add-to-project-dependabot.outputs.job-status }} diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml index a8b70f2..cc8322c 100644 --- a/.github/workflows/add-to-project-garage.yaml +++ b/.github/workflows/add-to-project-garage.yaml @@ -13,7 +13,7 @@ jobs: add-to-project: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 with: classic: false project-number: ${{ vars.SENZING_PROJECT_GARAGE }} @@ -24,6 +24,6 @@ jobs: if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.outputs.job-status) }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.add-to-project.outputs.job-status }} diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index 326edea..8ae7db6 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml 
@@ -12,4 +12,4 @@ jobs: dependabot-approve-and-merge: secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v3 diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index e19c3f8..b7f3fdf 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml @@ -14,4 +14,4 @@ permissions: jobs: lint-workflows: - uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v3 diff --git a/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml b/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml index 2634c5e..f07085a 100644 --- a/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml @@ -12,6 +12,6 @@ jobs: move-pr-to-done-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3 with: project: ${{ vars.SENZING_PROJECT_G2_PYTHON }} diff --git a/.github/workflows/move-pr-to-done-garage-dependabot.yaml b/.github/workflows/move-pr-to-done-garage-dependabot.yaml index c5e0e87..af63c7f 100644 --- a/.github/workflows/move-pr-to-done-garage-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-garage-dependabot.yaml 
@@ -12,6 +12,6 @@ jobs: move-pr-to-done-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3 with: project: ${{ vars.SENZING_PROJECT_GARAGE }} diff --git a/.github/workflows/pytest-darwin.yaml b/.github/workflows/pytest-darwin.yaml index a167751..c63a8ad 100644 --- a/.github/workflows/pytest-darwin.yaml +++ b/.github/workflows/pytest-darwin.yaml @@ -100,13 +100,13 @@ jobs: permissions: pull-requests: write contents: write - uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v3 slack-notification: needs: [pytest-darwin] if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.pytest-darwin.outputs.status ) && github.event_name == 'schedule' }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.pytest-darwin.outputs.status }} diff --git a/.github/workflows/pytest-linux.yaml b/.github/workflows/pytest-linux.yaml index 6a12de2..056835b 100644 --- a/.github/workflows/pytest-linux.yaml +++ b/.github/workflows/pytest-linux.yaml 
@@ -99,13 +99,13 @@ jobs: permissions: pull-requests: write contents: write - uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v3 slack-notification: needs: [pytest-linux] if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.pytest-linux.outputs.status ) && (github.ref_name == github.event.repository.default_branch || github.event_name == 'schedule') }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.pytest-linux.outputs.status }} diff --git a/.github/workflows/pytest-windows.yaml b/.github/workflows/pytest-windows.yaml index 464cf4b..02b03f7 100644 --- a/.github/workflows/pytest-windows.yaml +++ b/.github/workflows/pytest-windows.yaml @@ -95,13 +95,13 @@ jobs: permissions: pull-requests: write contents: write - uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/python-coverage-comment.yaml@v3 slack-notification: needs: [pytest-windows] if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.pytest-windows.outputs.status ) && github.event_name == 'schedule' }} secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2 + uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3 with: job-status: ${{ needs.pytest-windows.outputs.status }} From d00050fee93043db21d26cc0eab500b6651d1e63 Mon Sep 17 00:00:00 2001 
From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Mon, 29 Sep 2025 08:36:17 -0700 Subject: [PATCH 2/4] linting updates --- .github/workflows/add-labels-standardized.yaml | 5 +++-- .../add-to-project-g2-python-dependabot.yaml | 5 +++-- .github/workflows/add-to-project-g2-python.yaml | 5 +++-- .../workflows/add-to-project-garage-dependabot.yaml | 5 +++-- .github/workflows/add-to-project-garage.yaml | 5 +++-- .github/workflows/bandit.yaml | 7 ++++--- .github/workflows/bearer.yaml | 5 +++-- .github/workflows/black.yaml | 5 +++-- .github/workflows/check-development-dependencies.yaml | 5 +++-- .github/workflows/dependabot-approve-and-merge.yaml | 7 ++++--- .github/workflows/dependency-scan.yaml | 7 +++++-- .github/workflows/flake8.yaml | 5 +++-- .github/workflows/isort.yaml | 5 +++-- .github/workflows/lint-workflows.yaml | 11 ++++++----- .../move-pr-to-done-g2-python-dependabot.yaml | 5 +++-- .../workflows/move-pr-to-done-garage-dependabot.yaml | 5 +++-- .github/workflows/mypy.yaml | 5 +++-- .github/workflows/pylint.yaml | 5 +++-- .github/workflows/pytest-darwin.yaml | 5 +++-- .github/workflows/pytest-linux.yaml | 5 +++-- .github/workflows/pytest-windows.yaml | 5 +++-- .github/workflows/spellcheck.yaml | 5 +++-- 22 files changed, 73 insertions(+), 49 deletions(-) diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index e77d462..e36297f 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -6,11 +6,12 @@ on: - opened - reopened -permissions: - issues: write +permissions: {} jobs: add-issue-labels: + permissions: + issues: write secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} diff --git a/.github/workflows/add-to-project-g2-python-dependabot.yaml b/.github/workflows/add-to-project-g2-python-dependabot.yaml index 463b8dd..fa4de4c 100644 
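Review bot: With the workflow-level block now `permissions: {}` in add-labels-standardized.yaml, only `add-issue-labels` is granted a scope; the `slack-notification` job that PATCH 1/4 shows in the same file has no `permissions:` key in any visible hunk, so it runs with an empty GITHUB_TOKEN. That is the least-privilege result, but a called workflow that declares a scope the caller does not grant is rejected when the run starts, so confirm that `build-failure-slack-notification.yaml@v3` declares none. Writing `permissions: {}` on `slack-notification` would make the intent explicit for the next reader. The same pattern recurs in the add-to-project and pytest workflows of this patch, and the `slack-notification` job itself lies outside this hunk.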
--- a/.github/workflows/add-to-project-g2-python-dependabot.yaml +++ b/.github/workflows/add-to-project-g2-python-dependabot.yaml @@ -4,11 +4,12 @@ on: pull_request: branches: [main] -permissions: - repository-projects: write +permissions: {} jobs: add-to-project-dependabot: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3 diff --git a/.github/workflows/add-to-project-g2-python.yaml b/.github/workflows/add-to-project-g2-python.yaml index 72717cf..a4b51e1 100644 --- a/.github/workflows/add-to-project-g2-python.yaml +++ b/.github/workflows/add-to-project-g2-python.yaml @@ -6,11 +6,12 @@ on: - opened - reopened -permissions: - repository-projects: write +permissions: {} jobs: add-to-project: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 diff --git a/.github/workflows/add-to-project-garage-dependabot.yaml b/.github/workflows/add-to-project-garage-dependabot.yaml index b39fd6c..48f1ad8 100644 --- a/.github/workflows/add-to-project-garage-dependabot.yaml +++ b/.github/workflows/add-to-project-garage-dependabot.yaml @@ -4,11 +4,12 @@ on: pull_request: branches: [main] -permissions: - repository-projects: write +permissions: {} jobs: add-to-project-dependabot: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3 diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml index cc8322c..d195882 100644 --- a/.github/workflows/add-to-project-garage.yaml +++ b/.github/workflows/add-to-project-garage.yaml 
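Review bot: The `repository-projects: write` scope moved onto `add-to-project-dependabot` may be broader than the job needs, because the same job hands `SENZING_GITHUB_PROJECT_RW_TOKEN` to the called workflow, and that token rather than GITHUB_TOKEN presumably performs the project update. If the reusable workflow never uses GITHUB_TOKEN for project access, the job block can be reduced to `permissions: {}`. The same question applies to the two hunks that follow (add-to-project-g2-python.yaml and add-to-project-garage-dependabot.yaml) and to the garage and move-pr-to-done variants later in PATCH 2/4. If the scope has to stay, a comment above it such as `# required by the called workflow; project writes use the PAT` would record why.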
@@ -6,11 +6,12 @@ on: - opened - reopened -permissions: - repository-projects: write +permissions: {} jobs: add-to-project: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 diff --git a/.github/workflows/bandit.yaml b/.github/workflows/bandit.yaml index d7c2511..bb8e5de 100644 --- a/.github/workflows/bandit.yaml +++ b/.github/workflows/bandit.yaml @@ -6,12 +6,13 @@ on: pull_request: branches: [main] -permissions: - contents: read - pull-requests: write +permissions: {} jobs: bandit: + permissions: + contents: read + pull-requests: write runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/bearer.yaml b/.github/workflows/bearer.yaml index 94d2329..4963166 100644 --- a/.github/workflows/bearer.yaml +++ b/.github/workflows/bearer.yaml @@ -6,11 +6,12 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: rule_check: + permissions: + contents: read runs-on: ubuntu-latest steps: diff --git a/.github/workflows/black.yaml b/.github/workflows/black.yaml index 5ab01a2..9f570c0 100644 --- a/.github/workflows/black.yaml +++ b/.github/workflows/black.yaml @@ -6,12 +6,13 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: black: name: black Python ${{ matrix.python-version }} + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/check-development-dependencies.yaml b/.github/workflows/check-development-dependencies.yaml index cc3352f..a1e06f3 100644 --- a/.github/workflows/check-development-dependencies.yaml +++ b/.github/workflows/check-development-dependencies.yaml 
@@ -4,12 +4,13 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: check-development-dependencies: name: Check development dependencies + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml index 8ae7db6..ecee237 100644 --- a/.github/workflows/dependabot-approve-and-merge.yaml +++ b/.github/workflows/dependabot-approve-and-merge.yaml @@ -4,12 +4,13 @@ on: pull_request: branches: [main] -permissions: - contents: write - pull-requests: write +permissions: {} jobs: dependabot-approve-and-merge: + permissions: + contents: write + pull-requests: write secrets: SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v3 diff --git a/.github/workflows/dependency-scan.yaml b/.github/workflows/dependency-scan.yaml index 7c7bff9..f37d1a7 100644 --- a/.github/workflows/dependency-scan.yaml +++ b/.github/workflows/dependency-scan.yaml @@ -4,11 +4,12 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: fpvs: + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false @@ -43,6 +44,8 @@ jobs: fpvs-scan --verbose pip-audit: + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/flake8.yaml b/.github/workflows/flake8.yaml index 9f7601f..7436c2c 100644 --- a/.github/workflows/flake8.yaml +++ b/.github/workflows/flake8.yaml @@ -6,12 +6,13 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: flake8: name: flake8 Python ${{ matrix.python-version }} + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false 
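Review bot: In dependabot-approve-and-merge.yaml the job holds `contents: write` and `pull-requests: write` and also passes `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN` to a reusable workflow referenced by the movable tag `@v3`, yet the caller shown in this hunk has no condition limiting which pull requests start it. The author check presumably lives in the called workflow, which this patch does not show; a caller-side guard such as `if: github.event.pull_request.user.login == 'dependabot[bot]'` would keep the write-scoped job and the token from being started for other authors' pull requests. If the called workflow approves and merges with the passed token, the two write scopes on GITHUB_TOKEN may also be reducible, which is worth confirming against the v3 workflow. The `on:` key itself sits just above the hunk.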
diff --git a/.github/workflows/isort.yaml b/.github/workflows/isort.yaml index 477652a..c98f2d7 100644 --- a/.github/workflows/isort.yaml +++ b/.github/workflows/isort.yaml @@ -6,11 +6,12 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: isort: + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index b7f3fdf..aa62139 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml @@ -6,12 +6,13 @@ on: pull_request: branches: [main] -permissions: - contents: read - packages: read - pull-requests: read - statuses: write +permissions: {} jobs: lint-workflows: + permissions: + contents: read + packages: read + pull-requests: read + statuses: write uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v3 diff --git a/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml b/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml index f07085a..be72a01 100644 --- a/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-g2-python-dependabot.yaml @@ -5,11 +5,12 @@ on: branches: [main] types: [closed] -permissions: - repository-projects: write +permissions: {} jobs: move-pr-to-done-dependabot: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3 diff --git a/.github/workflows/move-pr-to-done-garage-dependabot.yaml b/.github/workflows/move-pr-to-done-garage-dependabot.yaml index af63c7f..8094115 100644 --- a/.github/workflows/move-pr-to-done-garage-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-garage-dependabot.yaml 
@@ -5,11 +5,12 @@ on: branches: [main] types: [closed] -permissions: - repository-projects: write +permissions: {} jobs: move-pr-to-done-dependabot: + permissions: + repository-projects: write secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3 diff --git a/.github/workflows/mypy.yaml b/.github/workflows/mypy.yaml index fe83554..acf0c4f 100644 --- a/.github/workflows/mypy.yaml +++ b/.github/workflows/mypy.yaml @@ -6,12 +6,13 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: mypy: name: mypy Python ${{ matrix.python-version }} + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml index 24e1adf..f8ab2b1 100644 --- a/.github/workflows/pylint.yaml +++ b/.github/workflows/pylint.yaml @@ -6,11 +6,12 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: pylint: + permissions: + contents: read runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/.github/workflows/pytest-darwin.yaml b/.github/workflows/pytest-darwin.yaml index c63a8ad..9cfcd4d 100644 --- a/.github/workflows/pytest-darwin.yaml +++ b/.github/workflows/pytest-darwin.yaml @@ -11,14 +11,15 @@ env: PYTHONPATH: ${{ github.workspace }}/src SENZING_TOOLS_DATABASE_URL: sqlite3://na:na@nowhere/tmp/sqlite/G2C.db -permissions: - contents: read +permissions: {} jobs: pytest-darwin: name: "pytest with Senzing: ${{ matrix.senzingsdk-version }}; OS: ${{ matrix.os }}; Python ${{ matrix.python-version }}" outputs: status: ${{ job.status }} + permissions: + contents: read runs-on: ${{ matrix.os }} strategy: fail-fast: false diff --git a/.github/workflows/pytest-linux.yaml b/.github/workflows/pytest-linux.yaml index 056835b..8584803 100644 --- a/.github/workflows/pytest-linux.yaml 
+++ b/.github/workflows/pytest-linux.yaml @@ -11,14 +11,15 @@ env: PYTHONPATH: ${{ github.workspace }}/src SENZING_TOOLS_DATABASE_URL: sqlite3://na:na@nowhere/tmp/sqlite/G2C.db -permissions: - contents: read +permissions: {} jobs: pytest-linux: name: "pytest with Senzing: ${{ matrix.senzingsdk-version }}; OS: ${{ matrix.os }}; Python ${{ matrix.python-version }}" outputs: status: ${{ job.status }} + permissions: + contents: read runs-on: ${{ matrix.os }} strategy: fail-fast: false diff --git a/.github/workflows/pytest-windows.yaml b/.github/workflows/pytest-windows.yaml index 02b03f7..778e67b 100644 --- a/.github/workflows/pytest-windows.yaml +++ b/.github/workflows/pytest-windows.yaml @@ -11,14 +11,15 @@ env: PYTHONPATH: ${{ github.workspace }}/src SENZING_TOOLS_DATABASE_URL: 'sqlite3://na:na@nowhere/C:\Temp\sqlite\G2C.db' -permissions: - contents: read +permissions: {} jobs: pytest-windows: name: "pytest with Senzing: ${{ matrix.senzingsdk-version }}; OS: ${{ matrix.os }}; Python ${{ matrix.python-version }}" outputs: status: ${{ job.status }} + permissions: + contents: read runs-on: ${{ matrix.os }} strategy: fail-fast: false diff --git a/.github/workflows/spellcheck.yaml b/.github/workflows/spellcheck.yaml index b351a53..58b859a 100644 --- a/.github/workflows/spellcheck.yaml +++ b/.github/workflows/spellcheck.yaml @@ -4,11 +4,12 @@ on: pull_request: branches: [main] -permissions: - contents: read +permissions: {} jobs: spellcheck: + permissions: + contents: read runs-on: ubuntu-latest steps: From 82e1bf6f7d965ef4d24df4db841b4b5ae2e8dc9f Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Mon, 29 Sep 2025 08:54:58 -0700 Subject: [PATCH 3/4] linting updates --- .github/linters/zizmor.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/linters/zizmor.yaml diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml new file mode 100644 index 0000000..00ea2bb --- /dev/null 
+++ b/.github/linters/zizmor.yaml @@ -0,0 +1,5 @@ +rules: + unpinned-uses: + config: + policies: + "*": ref-pin From e25cb57cfddc80266fc3b486a6f2f917354bec9e Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Mon, 29 Sep 2025 09:10:33 -0700 Subject: [PATCH 4/4] linting updates --- .github/workflows/add-to-project-g2-python.yaml | 1 - .github/workflows/add-to-project-garage.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/add-to-project-g2-python.yaml b/.github/workflows/add-to-project-g2-python.yaml index a4b51e1..52381d9 100644 --- a/.github/workflows/add-to-project-g2-python.yaml +++ b/.github/workflows/add-to-project-g2-python.yaml @@ -16,7 +16,6 @@ jobs: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 with: - classic: false project-number: ${{ vars.SENZING_PROJECT_G2_PYTHON }} org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }} diff --git a/.github/workflows/add-to-project-garage.yaml b/.github/workflows/add-to-project-garage.yaml index d195882..e2007a7 100644 --- a/.github/workflows/add-to-project-garage.yaml +++ b/.github/workflows/add-to-project-garage.yaml @@ -16,7 +16,6 @@ jobs: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3 with: - classic: false project-number: ${{ vars.SENZING_PROJECT_GARAGE }} org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}
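Review bot: The `"*": ref-pin` policy in the new .github/linters/zizmor.yaml makes the `unpinned-uses` audit accept a tag or branch ref for every `uses:` reference, third-party ones included, so the linter will no longer flag a reference whose target can be moved after review. If the aim is only to permit the organisation's own `senzing-factory/build-resources/...@v3` references used throughout this series, scope the relaxation to that owner and keep hash pinning as the fallback: `senzing-factory/*: ref-pin` followed by `"*": hash-pin`. Several of those `@v3` callers pass secrets such as `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN`, so a comment in this file stating why ref pins are trusted for that owner would help the next reviewer.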