From d7c310859bd03e3a59ff77f3db9fa029f9c58458 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Jun 2024 17:33:18 -0400 Subject: [PATCH] Bump senzing-factory/build-resources from 1 to 2 (#262) * Bump senzing-factory/build-resources from 1 to 2 Bumps [senzing-factory/build-resources](https://github.com/senzing-factory/build-resources) from 1 to 2. - [Release notes](https://github.com/senzing-factory/build-resources/releases) - [Changelog](https://github.com/senzing-factory/build-resources/blob/main/CHANGELOG.md) - [Commits](https://github.com/senzing-factory/build-resources/compare/v1...v2) --- updated-dependencies: - dependency-name: senzing-factory/build-resources dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * fix linting * Added OpenAPI exceptions --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam <109683132+kernelsam@users.noreply.github.com> Co-authored-by: Michael Dockter --- .github/linters/.checkov.yaml | 6 ++++++ .github/linters/.jscpd.json | 3 +++ .github/workflows/add-labels-standardized.yaml | 2 +- .../add-to-project-app-server-dependabot.yaml | 2 +- .github/workflows/add-to-project-app-server.yaml | 2 +- .github/workflows/docker-build-container.yaml | 3 +++ .../docker-push-containers-to-dockerhub-and-ecr.yaml | 5 ++++- .github/workflows/lint-workflows.yaml | 2 +- .github/workflows/move-pr-to-done-dependabot.yaml | 2 +- Dockerfile | 10 +++++----- 10 files changed, 26 insertions(+), 11 deletions(-) create mode 100644 .github/linters/.checkov.yaml create mode 100644 .github/linters/.jscpd.json diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..26e0491 --- /dev/null +++ b/.github/linters/.checkov.yaml 
@@ -0,0 +1,6 @@ +quiet: true +skip-check: + - CKV_DOCKER_7 + - CKV_OPENAPI_4 + - CKV_OPENAPI_5 + - CKV_OPENAPI_21 diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 0000000..4109776 --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,3 @@ +{ + "threshold": 8 +} \ No newline at end of file diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index 50687a5..01aa8a1 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -14,4 +14,4 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v2 diff --git a/.github/workflows/add-to-project-app-server-dependabot.yaml b/.github/workflows/add-to-project-app-server-dependabot.yaml index 379db2c..9b9ce00 100644 --- a/.github/workflows/add-to-project-app-server-dependabot.yaml +++ b/.github/workflows/add-to-project-app-server-dependabot.yaml @@ -11,6 +11,6 @@ jobs: add-to-project-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v2 with: project: ${{ vars.SENZING_PROJECT_APP_SERVER }} diff --git a/.github/workflows/add-to-project-app-server.yaml b/.github/workflows/add-to-project-app-server.yaml index e57027d..0fc5789 100644 --- a/.github/workflows/add-to-project-app-server.yaml +++ b/.github/workflows/add-to-project-app-server.yaml 
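Review bot: The new `skip-check` list in `.github/linters/.checkov.yaml` turns off CKV_DOCKER_7, CKV_OPENAPI_4, CKV_OPENAPI_5 and CKV_OPENAPI_21 for every file Checkov scans, and nothing in the file records what each check covers or why the finding is accepted. A repo-wide skip also hides any future finding with the same ID in files added later. I would put a comment above each entry, for example `# CKV_DOCKER_7: <what the check flags> - accepted because <reason>, tracked in <issue>`. Where the scanner supports it, an inline suppression on the specific file is narrower than a global one.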
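Review bot: The reusable workflow in `add-labels-standardized.yaml` is referenced by the movable tag `@v2` while `ORG_MEMBERSHIP_TOKEN` and `SENZING_MEMBERS` are handed to it, so whatever `v2` points to at run time executes with those secrets. The same pattern appears in the other `uses:` hunks of this commit that pass secrets, including the one in `docker-push-containers-to-dockerhub-and-ecr.yaml` that forwards `DOCKERHUB_ACCESS_TOKEN`. Pinning to a full commit SHA with the tag as a trailing comment, `uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@<full-commit-sha> # v2`, makes every change to the called workflow an explicit, reviewable diff here. If build-resources sits under the same access controls as this repository the exposure is smaller, but the tag can still be moved without any change in this repo.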
@@ -13,7 +13,7 @@ jobs: add-to-project: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v2 with: classic: false project-number: ${{ vars.SENZING_PROJECT_APP_SERVER}} diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml index 1af6c37..629d4c3 100644 --- a/.github/workflows/docker-build-container.yaml +++ b/.github/workflows/docker-build-container.yaml @@ -2,6 +2,9 @@ name: docker build container on: [push] +permissions: + contents: read + jobs: docker-build-container: runs-on: ubuntu-latest diff --git a/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml b/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml index 326b258..1e6b3a9 100644 --- a/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml +++ b/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml @@ -5,6 +5,9 @@ on: tags: - "[0-9]+.[0-9]+.[0-9]+" +permissions: + contents: read + jobs: docker-push-containers-to-dockerhub-and-ecr: permissions: @@ -14,7 +17,7 @@ jobs: AWS_DOCKER_ACCOUNT_ID: ${{ secrets.AWS_DOCKER_ACCOUNT_ID }} DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - uses: senzing-factory/build-resources/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/docker-push-containers-to-dockerhub-and-ecr.yaml@v2 with: build-options: "--push" docker-image-repository: senzing/senzing-poc-server diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml index 1bcd936..c471330 100644 --- a/.github/workflows/lint-workflows.yaml +++ b/.github/workflows/lint-workflows.yaml 
@@ -14,4 +14,4 @@ permissions: jobs: lint-workflows: - uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v2 diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml index 3896a4f..45e1bc1 100644 --- a/.github/workflows/move-pr-to-done-dependabot.yaml +++ b/.github/workflows/move-pr-to-done-dependabot.yaml @@ -12,6 +12,6 @@ jobs: move-pr-to-done-dependabot: secrets: SENZING_GITHUB_PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v1 + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v2 with: project: ${{ vars.SENZING_PROJECT_APP_SERVER }} diff --git a/Dockerfile b/Dockerfile index a9659c2..6ca08e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,10 +59,10 @@ HEALTHCHECK CMD ["/app/healthcheck.sh"] USER root -# Install packages via apt. +# Install packages via apt-get. -RUN apt update \ - && apt -y install \ +RUN apt-get update \ + && apt-get -y install \ gnupg2 \ jq \ libodbc1 \ @@ -77,8 +77,8 @@ RUN mkdir -p /etc/apt/keyrings \ RUN echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" >> /etc/apt/sources.list -RUN apt update \ - && apt install -y temurin-11-jdk \ +RUN apt-get update \ + && apt-get install -y temurin-11-jdk \ && rm -rf /var/lib/apt/lists/* # Copy files from repository.
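Review bot: Both rewritten install commands in the Dockerfile still run without `--no-install-recommends`, so `apt-get -y install` in the first hunk and `apt-get install -y temurin-11-jdk` in the second pull in recommended packages the image may not need, which widens what has to be patched. I would change the second to `&& apt-get install -y --no-install-recommends temurin-11-jdk \` and do the same for the first, then confirm the server still starts. The first `RUN` continues past the end of its hunk, so whether it also removes `/var/lib/apt/lists/*` cannot be seen here. If it does not, add that cleanup in the same layer, as the second `RUN` already does.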