From 307825aad776c95a0e5ba5b8d2b96d051678af01 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Sep 2025 07:08:43 +0000
Subject: [PATCH 1/3] Bump senzing-factory/build-resources from 2 to 3
Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 2 to 3.
- [Release notes](https://github.com/senzing-factory/build-resources/releases)
- [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md)
- [Commits](https://github.com/senzing-factory/build-resources/compare/v2...v3)
---
updated-dependencies:
- dependency-name: senzing-factory/build-resources
dependency-version: '3'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/add-labels-standardized.yaml | 4 ++--
 .github/workflows/add-to-project-senzing-dependabot.yaml | 4 ++--
 .github/workflows/add-to-project-senzing.yaml | 4 ++--
 .github/workflows/dependabot-approve-and-merge.yaml | 2 +-
 .github/workflows/lint-workflows.yaml | 2 +-
 .github/workflows/move-pr-to-done-dependabot.yaml | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index 2802969..1629140 100644
--- a/.github/workflows/add-labels-standardized.yaml
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -14,13 +14,13 @@ jobs:
 secrets:
 ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
 SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
- uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v3
 slack-notification:
 needs: [add-issue-labels]
 if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.outputs.job-status) }}
 secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3
 with:
 job-status: ${{ needs.add-issue-labels.outputs.job-status }}
diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml
index fc9cf52..51bec18 100644
--- a/.github/workflows/add-to-project-senzing-dependabot.yaml
+++ b/.github/workflows/add-to-project-senzing-dependabot.yaml
@@ -11,7 +11,7 @@ jobs:
 add-to-project-dependabot:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3
 with:
 project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
@@ -20,6 +20,6 @@ jobs:
 if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.outputs.job-status) }}
 secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3
 with:
 job-status: ${{ needs.add-to-project-dependabot.outputs.job-status }}
diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml
index 627f1da..0181cab 100644
--- a/.github/workflows/add-to-project-senzing.yaml
+++ b/.github/workflows/add-to-project-senzing.yaml
@@ -13,7 +13,7 @@ jobs:
 add-to-project:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3
 with:
 classic: false
 project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
@@ -24,6 +24,6 @@ jobs:
 if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.outputs.job-status) }}
 secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v3
 with:
 job-status: ${{ needs.add-to-project.outputs.job-status }}
diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml
index 326edea..8ae7db6 100644
--- a/.github/workflows/dependabot-approve-and-merge.yaml
+++ b/.github/workflows/dependabot-approve-and-merge.yaml
@@ -12,4 +12,4 @@ jobs:
 dependabot-approve-and-merge:
 secrets:
 SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v3
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
index c471330..d2384c6 100644
--- a/.github/workflows/lint-workflows.yaml
+++ b/.github/workflows/lint-workflows.yaml
@@ -14,4 +14,4 @@ permissions:
 jobs:
 lint-workflows:
- uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v3
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
index 72b1f5f..b781e9f 100644
--- a/.github/workflows/move-pr-to-done-dependabot.yaml
+++ b/.github/workflows/move-pr-to-done-dependabot.yaml
@@ -12,6 +12,6 @@ jobs:
 move-pr-to-done-dependabot:
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2
+ uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3
 with:
 project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
From 337a4201291ebb46297fccd44acd8cec91926953 Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Wed, 8 Oct 2025 11:34:06 -0700
Subject: [PATCH 2/3] update linting
---
 .github/linters | 5 +++++
 .github/workflows/add-labels-standardized.yaml | 5 +++--
 .../workflows/add-to-project-senzing-dependabot.yaml | 5 +++--
 .github/workflows/add-to-project-senzing.yaml | 6 +++---
 .github/workflows/dependabot-approve-and-merge.yaml | 7 ++++---
 .github/workflows/lint-workflows.yaml | 11 ++++++-----
 .github/workflows/move-pr-to-done-dependabot.yaml | 5 +++--
 .github/workflows/spellcheck.yaml | 7 +++++--
 8 files changed, 32 insertions(+), 19 deletions(-)
 create mode 100644 .github/linters
diff --git a/.github/linters b/.github/linters
new file mode 100644
index 0000000..00ea2bb
--- /dev/null
+++ b/.github/linters
@@ -0,0 +1,5 @@
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ "*": ref-pin
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index 1629140..38b4e6f 100644
--- a/.github/workflows/add-labels-standardized.yaml
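Review bot: The `"*": ref-pin` policy added in `.github/linters` makes zizmor's unpinned-uses audit accept a tag or branch ref for every `uses:`, so the linter stays silent on the mutable refs this series relies on: `streetsidesoftware/cspell-action@v7` and `actions/checkout@v5` in spellcheck.yaml, and the `senzing-factory/build-resources/...@v3` reusable workflows that are handed `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN` and `SENZING_GITHUB_PROJECT_RW_TOKEN`. A re-pointed tag changes what runs with those secrets without any diff in this repository. Scope the relaxation to owners the organisation controls and keep hash pins elsewhere, e.g. `"senzing-factory/*": ref-pin` followed by `"*": hash-pin`, then pin the third-party action to a full commit SHA. The file is renamed to `.github/linters/zizmor.yaml` in patch 3/3 with the same content, so the point carries over unchanged.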
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -6,11 +6,12 @@ on:
 - opened
 - reopened
-permissions:
- issues: write
+permissions: {}
 jobs:
 add-issue-labels:
+ permissions:
+ issues: write
 secrets:
 ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
 SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml
index 51bec18..9b1a0e4 100644
--- a/.github/workflows/add-to-project-senzing-dependabot.yaml
+++ b/.github/workflows/add-to-project-senzing-dependabot.yaml
@@ -4,11 +4,12 @@ on:
 pull_request:
 branches: [main]
-permissions:
- repository-projects: write
+permissions: {}
 jobs:
 add-to-project-dependabot:
+ permissions:
+ repository-projects: write
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v3
diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml
index 0181cab..870bcca 100644
--- a/.github/workflows/add-to-project-senzing.yaml
+++ b/.github/workflows/add-to-project-senzing.yaml
@@ -6,16 +6,16 @@ on:
 - opened
 - reopened
-permissions:
- repository-projects: write
+permissions: {}
 jobs:
 add-to-project:
+ permissions:
+ repository-projects: write
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v3
 with:
- classic: false
 project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
 org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}
diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml
index 8ae7db6..ecee237 100644
--- a/.github/workflows/dependabot-approve-and-merge.yaml
+++ b/.github/workflows/dependabot-approve-and-merge.yaml
@@ -4,12 +4,13 @@ on:
 pull_request:
 branches: [main]
-permissions:
- contents: write
- pull-requests: write
+permissions: {}
 jobs:
 dependabot-approve-and-merge:
+ permissions:
+ contents: write
+ pull-requests: write
 secrets:
 SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v3
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
index d2384c6..a119dda 100644
--- a/.github/workflows/lint-workflows.yaml
+++ b/.github/workflows/lint-workflows.yaml
@@ -6,12 +6,13 @@ on:
 pull_request:
 branches: [main]
-permissions:
- contents: read
- packages: read
- pull-requests: read
- statuses: write
+permissions: {}
 jobs:
 lint-workflows:
+ permissions:
+ contents: read
+ packages: read
+ pull-requests: read
+ statuses: write
 uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v3
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
index b781e9f..d6cd67c 100644
--- a/.github/workflows/move-pr-to-done-dependabot.yaml
+++ b/.github/workflows/move-pr-to-done-dependabot.yaml
@@ -5,11 +5,12 @@ on:
 branches: [main]
 types: [closed]
-permissions:
- repository-projects: write
+permissions: {}
 jobs:
 move-pr-to-done-dependabot:
+ permissions:
+ repository-projects: write
 secrets:
 SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
 uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v3
diff --git a/.github/workflows/spellcheck.yaml b/.github/workflows/spellcheck.yaml
index bdd3f9d..8e8f35b 100644
--- a/.github/workflows/spellcheck.yaml
+++ b/.github/workflows/spellcheck.yaml
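Review bot: In the dependabot-approve-and-merge.yaml hunk the caller job now carries `contents: write` and `pull-requests: write` and forwards `SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN` on every `pull_request` against main, and nothing visible in the caller limits it to Dependabot-authored pull requests. The author check may live inside the reusable workflow, which is not shown here; if it does not, add a job-level guard such as `if: github.event.pull_request.user.login == 'dependabot[bot]'` so the write-scoped job is skipped for other authors. A comment above the job-level `permissions:` naming which step needs each scope would also help the next reviewer keep the set minimal.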
@@ -4,15 +4,18 @@ on:
 pull_request:
 branches: [main]
-permissions:
- contents: read
+permissions: {}
 jobs:
 spellcheck:
+ permissions:
+ contents: read
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v5
+ with:
+ persist-credentials: false
 - uses: streetsidesoftware/cspell-action@v7
 with:
From 90df4b5ca983db2e666d797fa384ec23bb0efa8c Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Wed, 8 Oct 2025 11:52:30 -0700
Subject: [PATCH 3/3] update linting
---
 .github/{linters => linters/zizmor.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/{linters => linters/zizmor.yaml} (100%)
diff --git a/.github/linters b/.github/linters/zizmor.yaml
similarity index 100%
rename from .github/linters
rename to .github/linters/zizmor.yaml