#30 Update to template

Author: docktermj

.github/dependabot.yml

@@ -3,11 +3,15 @@
 
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: "daily"
-  - package-ecosystem: "pip"
-    directory: "/"
+      interval: daily
+  - package-ecosystem: docker
+    directory: /
     schedule:
-      interval: "daily"
+      interval: daily
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: daily

.github/linters/.checkov.yaml

@@ -0,0 +1,3 @@
+quiet: true
+skip-check:
+  - CKV_DOCKER_7

.github/linters/.jscpd.json

@@ -1,3 +1 @@
-{
-  "threshold": 3
-}
+{}

.github/linters/README.md

@@ -0,0 +1,33 @@
+# Linters
+
+## .jscpd.json
+
+- [.jscpd.json]
+- Used by [lint-workflows.yaml]
+- [jscpd]
+  - [jscpd configuration]
+  - Example:
+
+      ```json
+      {
+      "ignore": [
+          "**/*.go,**/go-test*.yaml"
+      ],
+      "threshold": 10
+      }
+      ```
+
+## .yaml-lint.yml
+
+- [.yaml-lint.yml]
+- Used by [lint-workflows.yaml]
+- [yaml-lint]
+  - [yaml-lint configuration]
+
+[.jscpd.json]: .jscpd.json
+[.yaml-lint.yml]: .yaml-lint.yml
+[jscpd configuration]: https://github.com/kucherenko/jscpd/tree/master/apps/jscpd#options
+[jscpd]: https://github.com/kucherenko/jscpd
+[lint-workflows.yaml]: ../workflows/README.md#lint-workflowsyaml
+[yaml-lint configuration]: https://yamllint.readthedocs.io/en/stable/configuration.html
+[yaml-lint]: https://github.com/adrienverge/yamllint

.github/workflows/README.md

@@ -0,0 +1,217 @@
+# Workflows
+
+## add-labels-standardized.yaml
+
+When issues are opened,
+this action adds appropriate labels to the issue.
+(e.g. "triage", "customer-submission")
+
+- [Add Labels Standardized GitHub action]
+  - Uses: [senzing-factory/build-resources/.../add-labels-to-issue.yaml]
+
+## add-to-project-garage-dependabot.yaml
+
+When a Dependabot Pull Request (PR) is made against `main` branch,
+this action adds the PR to the "Garage" project board as "In Progress".
+
+- [Add to Project Garage Dependabot GitHub action]
+  - Uses: [senzing-factory/build-resources/.../add-to-project-dependabot.yaml]
+
+## add-to-project-garage.yaml
+
+When an issue is created,
+this action adds the issue to the "Garage" board as "Backlog".
+
+- [Add to Project Garage GitHub action]
+  - Uses: [senzing-factory/build-resources/.../add-to-project.yaml]
+
+## bandit.yaml
+
+When a Pull Request (PR) is made against `main` branch,
+this action runs [Bandit] to detect security issues.
+
+- [bandit.yaml]
+  - Uses: [lukehinds/bandit-action]
+
+## black.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs the [Black] code formatter.
+
+- [black.yaml]
+
+## dependabot-approve-and-merge.yaml
+
+When a Dependabot Pull Request (PR) is made against the `main` branch,
+this action determines if it should be automatically approved and merged into the `main` branch.
+Once this action occurs [move-pr-to-done-dependabot.yaml] moves the PR on the "Garage" project board to "Done".
+
+- [Dependabot Approve and Merge GitHub action]
+  - Uses: [senzing-factory/build-resources/.../dependabot-approve-and-merge.yaml]
+
+## dependency-scan.yaml
+
+When a Pull Request is made against the `main` branch,
+this action runs [Fast Python Vulnerability Scanner] and [pip-audit].
+
+- [dependency-scan.yaml]
+  - Uses:
+    - [Fast Python Vulnerability Scanner]
+    - [pypa/gh-action-pip-audit]
+
+## docker-build-container.yaml
+
+When a Pull Request is made against the `main` branch,
+this action verifies that the `Dockerfile` can be successfully built.
+
+*Note:* The Docker image is **not** pushed to [DockerHub].
+
+- [Docker Build Container GitHub action]
+  - Uses: [senzing-factory/github-action-docker-buildx-build]
+
+## docker-push-containers-to-dockerhub.yaml
+
+After a [Semantic Version] release is created,
+this action builds Docker images on multiple architectures and pushes the Docker images to [DockerHub].
+
+- [Docker Push Containers to DockerHub GitHub action]
+  - Uses: [senzing-factory/github-action-docker-buildx-build]
+
+## flake8.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs [flake8] for Python style enforcement.
+
+- [flake8.yaml]
+  - Uses: [py-actions/flake8]
+
+## isort.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs [isort] to sort the Python import statements
+
+- [isort.yaml]
+  - Uses: [isort/isort-action]
+
+## lint-workflows.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs [super-linter] to run multiple linters against the code.
+
+- [Lint Workflows GitHub action]
+  - Configuration:
+    - [.checkov.yaml]
+    - [.jscpd.json]
+    - [.yaml-lint.yml]
+  - Uses: [senzing-factory/build-resources/.../lint-workflows.yaml]
+
+## move-pr-to-done-dependabot.yaml
+
+When a Pull Request is merged into the `main` branch,
+this action moves the PR on the "Garage" project board to "Done".
+
+- [Move PR to Done Dependabot GitHub action]
+  - Uses: [senzing-factory/build-resources/.../move-pr-to-done-dependabot.yaml]
+
+## mypy.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs [mypy] to perform static type checking.
+
+- [mypy.yaml]
+
+## pylint.yaml
+
+When a change is committed to GitHub,
+this action runs [pylint] to perform static code analysis.
+
+- [pylint.yaml]
+
+## pytest-darwin.yaml
+
+When a Pull Request is merged into the `main` branch,
+this action runs [pytest] on the Darwin/macOS platform to perform unit tests and code coverage.
+
+- [pytest-darwin.yaml]
+  - Uses:
+    - [actions/checkout]
+    - [actions/setup-python]
+    - [senzing-factory/github-action-install-senzing-api]
+    - [pytest]
+    - [actions/upload-artifact]
+
+## pytest-linux.yaml
+
+When a change is committed to GitHub or a Pull Request is made against the `main` branch,
+this action runs [pytest] on the Linux platform to perform unit tests and code coverage.
+
+- [pytest-linux.yaml]
+  - Uses:
+    - [actions/checkout]
+    - [actions/setup-python]
+    - [senzing-factory/github-action-install-senzing-api]
+    - [pytest]
+    - [actions/upload-artifact]
+
+## pytest-windows.yaml
+
+When a Pull Request is merged into the `main` branch,
+this action runs [pytest] on the Windows platform to perform unit tests and code coverage.
+
+- [pytest-windows.yaml]
+  - Uses:
+    - [actions/checkout]
+    - [actions/setup-python]
+    - [senzing-factory/github-action-install-senzing-api]
+    - [pytest]
+    - [actions/upload-artifact]
+
+[.checkov.yaml]:  ../linters/README.md#checkovyaml
+[.jscpd.json]: ../linters/README.md#jscpdjson
+[.yaml-lint.yml]: ../linters/README.md#yaml-lintyml
+[actions/checkout]: https://github.com/actions/checkout
+[actions/setup-python]: https://github.com/actions/setup-python
+[actions/upload-artifact]: https://github.com/actions/upload-artifact
+[Add Labels Standardized GitHub action]: add-labels-standardized.yaml
+[Add to Project Garage Dependabot GitHub action]: add-to-project-garage-dependabot.yaml
+[Add to Project Garage GitHub action]: add-to-project-garage.yaml
+[bandit.yaml]: bandit.yaml
+[Bandit]: https://bandit.readthedocs.io/en/latest/
+[black.yaml]: black.yaml
+[Black]: https://github.com/psf/black
+[Dependabot Approve and Merge GitHub action]: dependabot-approve-and-merge.yaml
+[dependency-scan.yaml]: dependency-scan.yaml
+[Docker Build Container GitHub action]: docker-build-container.yaml
+[Docker Push Containers to DockerHub GitHub action]: docker-push-containers-to-dockerhub.yaml
+[DockerHub]: <https://hub.docker.com/>
+[Fast Python Vulnerability Scanner]: https://github.com/vanschelven/fpvs/
+[flake8.yaml]: flake8.yaml
+[flake8]: https://flake8.pycqa.org/en/latest/
+[isort.yaml]: isort.yaml
+[isort]: https://pycqa.github.io/isort/
+[isort/isort-action]: https://github.com/isort/isort-action
+[Lint Workflows GitHub action]: lint-workflows.yaml
+[lukehinds/bandit-action]: https://github.com/lukehinds/bandit-action
+[Move PR to Done Dependabot GitHub action]: move-pr-to-done-dependabot.yaml
+[move-pr-to-done-dependabot.yaml]: move-pr-to-done-dependabotyaml
+[mypy.yaml]: mypy.yaml
+[mypy]: https://mypy-lang.org/
+[pip-audit]: https://github.com/pypa/pip-audit
+[py-actions/flake8]: https://github.com/py-actions/flake8
+[pylint.yaml]: pylint.yaml
+[pylint]: https://pypi.org/project/pylint/
+[pypa/gh-action-pip-audit]: https://github.com/pypa/gh-action-pip-audit
+[pytest-darwin.yaml]: pytest-darwin.yaml
+[pytest-linux.yaml]: pytest-linux.yaml
+[pytest-windows.yaml]: pytest-windows.yaml
+[pytest]: https://docs.pytest.org/en/stable/
+[Semantic Version]: https://semver.org/
+[senzing-factory/build-resources/.../add-labels-to-issue.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/add-labels-to-issue.yaml
+[senzing-factory/build-resources/.../add-to-project-dependabot.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/add-to-project-dependabot.yaml
+[senzing-factory/build-resources/.../add-to-project.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/add-to-project.yaml
+[senzing-factory/build-resources/.../dependabot-approve-and-merge.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/dependabot-approve-and-merge.yaml
+[senzing-factory/build-resources/.../lint-workflows.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/lint-workflows.yaml
+[senzing-factory/build-resources/.../move-pr-to-done-dependabot.yaml]: https://github.com/senzing-factory/build-resources/blob/main/.github/workflows/move-pr-to-done-dependabot.yaml
+[senzing-factory/github-action-docker-buildx-build]: https://github.com/senzing-factory/github-action-docker-buildx-build
+[senzing-factory/github-action-install-senzing-api]: https://github.com/senzing-factory/github-action-install-senzing-api
+[super-linter]: https://github.com/super-linter/super-linter

.github/workflows/add-labels-standardized.yaml

@@ -1,4 +1,4 @@
-name: add labels standardized
+name: Add labels standardized
 
 on:
   issues:

.github/workflows/add-to-project-garage-dependabot.yaml

@@ -1,4 +1,4 @@
-name: add to project garage dependabot
+name: Add to project garage dependabot
 
 on:
   pull_request:

.github/workflows/add-to-project-garage.yaml

@@ -1,4 +1,4 @@
-name: add to project garage
+name: Add to project garage
 
 on:
   issues:

.github/workflows/bandit.yaml

@@ -17,11 +17,13 @@ jobs:
         python-version: ["3.11"]
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
       - name: Run Bandit Scan
         uses: lukehinds/bandit-action@new-action
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          path: "examples src"
+          path: "src examples"
           recursive: "true"

.github/workflows/black.yaml

@@ -15,19 +15,20 @@ jobs:
         python-version: ["3.8", "3.9", "3.10", "3.11"]
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v5
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: update pip
-        run: python3 -m pip install --upgrade pip
-
-      - name: pip install python packages for testing
-        run: pip install black
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install black
 
-      - name: black testing
+      - name: Run black testing
         run: |
           # shellcheck disable=SC2046
           black --diff --check $(git ls-files '*.py' ':!:docs/source/*')

.github/workflows/dependabot-approve-and-merge.yaml

@@ -1,4 +1,4 @@
-name: dependabot approve and merge
+name: Dependabot approve and merge
 
 on:
   pull_request: