Bump senzing-factory/build-resources from 1 to 2 (#23)

* Bump senzing-factory/build-resources from 1 to 2

Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 1 to 2.
- [Release notes](https://github.com/senzing-factory/build-resources/releases)
- [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md)
- [Commits](senzing-factory/build-resources@v1...v2)

---
updated-dependencies:
- dependency-name: senzing-factory/build-resources
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* add checkov config, healthcheck, and update workflow permissions

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam <[email protected]>

.github/linters/.checkov.yaml

@@ -0,0 +1,2 @@
+quiet: true
+skip-check: CKV_DOCKER_7

.github/linters/.jscpd.json

@@ -0,0 +1,3 @@
+{
+  "threshold": 32
+}

.github/workflows/add-labels-standardized.yaml

@@ -6,11 +6,12 @@ on:
       - opened
       - reopened
 
+permissions:
+  issues: write
+
 jobs:
   add-issue-labels:
-    permissions:
-      issues: write
     secrets:
       ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
       SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
-    uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1
+    uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2

.github/workflows/add-to-project-community-dependabot.yaml

@@ -8,6 +8,9 @@ env:
   CREATOR: ${{ github.event.pull_request.user.login }}
   GITHUB_TOKEN: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }}
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project-dependabot:
     name: add issue to Senzing Community project

.github/workflows/add-to-project-community.yaml

@@ -6,6 +6,9 @@ on:
       - opened
       - reopened
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project:
     name: add issue to project

.github/workflows/lint-workflows.yaml

@@ -14,4 +14,4 @@ permissions:
 
 jobs:
   lint-workflows:
-    uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1
+    uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2

.github/workflows/move-pr-to-done-dependabot.yaml

@@ -5,8 +5,11 @@ on:
     branches: [main]
     types: [closed]
 
+permissions:
+  repository-projects: write
+
 jobs:
   move-pr-to-done-dependabot:
     secrets:
       SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
-    uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v1
+    uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done.yaml@v2

.github/workflows/pylint.yaml

@@ -2,6 +2,9 @@ name: pylint
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   pylint:
     runs-on: ubuntu-latest

Dockerfile

@@ -4,8 +4,8 @@ FROM ${BASE_IMAGE}
 ENV REFRESHED_AT=2022-12-21
 
 LABEL Name="senzing/code-snippets" \
-      Maintainer="[email protected]" \
-      Version="0.0.1"
+  Maintainer="[email protected]" \
+  Version="0.0.1"
 
 # Run as "root" for system installation.
 
@@ -14,24 +14,26 @@ USER root
 # Install packages via apt.
 
 RUN apt-get update \
- && apt-get -y install \
-      vim \
-      nano \
-      curl \
-      less \
-      python3 \
-      ipython3 \
-      python3-pip \
-      python3-virtualenv \
-      python3-venv \
- && rm -rf /var/lib/apt/lists/*
+  && apt-get -y install \
+  vim \
+  nano \
+  curl \
+  less \
+  python3 \
+  ipython3 \
+  python3-pip \
+  python3-virtualenv \
+  python3-venv \
+  && rm -rf /var/lib/apt/lists/*
 
 ## Copy files from repository.
 
 COPY ./Python/ /code-snippets/Python
 COPY ./Resources/ /code-snippets/Resources
 COPY ./rootfs /
 
+HEALTHCHECK CMD ["/app/healthcheck.sh"]
+
 # Make non-root container.
 
 USER 1001