From 396f4b36c01fce84d3b9f1ae25acefc195cad2ab Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Wed, 29 May 2024 10:44:34 -0700
Subject: [PATCH] add jscpd config and workflow permissions

---
 .github/linters/.jscpd.json                                | 3 +++
 .github/workflows/add-labels-standardized.yaml             | 5 +++--
 .github/workflows/add-to-project-community-dependabot.yaml | 3 +++
 .github/workflows/add-to-project-community.yaml            | 3 +++
 .github/workflows/move-pr-to-done-dependabot.yaml          | 3 +++
 .github/workflows/pylint.yaml                              | 3 +++
 6 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 .github/linters/.jscpd.json

diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
new file mode 100644
index 0000000..e466020
--- /dev/null
+++ b/.github/linters/.jscpd.json
@@ -0,0 +1,3 @@
+{
+  "threshold": 7
+}
\ No newline at end of file
diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index 38483d9..01aa8a1 100644
--- a/.github/workflows/add-labels-standardized.yaml
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -6,10 +6,11 @@ on:
       - opened
       - reopened
 
+permissions:
+  issues: write
+
 jobs:
   add-issue-labels:
-    permissions:
-      issues: write
     secrets:
       ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
       SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
diff --git a/.github/workflows/add-to-project-community-dependabot.yaml b/.github/workflows/add-to-project-community-dependabot.yaml
index ca381ee..ca13aa9 100644
--- a/.github/workflows/add-to-project-community-dependabot.yaml
+++ b/.github/workflows/add-to-project-community-dependabot.yaml
@@ -8,6 +8,9 @@ env:
   CREATOR: ${{ github.event.pull_request.user.login }}
   GITHUB_TOKEN: ${{ secrets.SENZING_GITHUB_ACCESS_TOKEN }}
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project-dependabot:
     name: add issue to Senzing Community project
diff --git a/.github/workflows/add-to-project-community.yaml b/.github/workflows/add-to-project-community.yaml
index 2c76520..25cddf3 100644
--- a/.github/workflows/add-to-project-community.yaml
+++ b/.github/workflows/add-to-project-community.yaml
@@ -6,6 +6,9 @@ on:
       - opened
       - reopened
 
+permissions:
+  repository-projects: write
+
 jobs:
   add-to-project:
     name: add issue to project
diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml
index 63c6908..68bcb82 100644
--- a/.github/workflows/move-pr-to-done-dependabot.yaml
+++ b/.github/workflows/move-pr-to-done-dependabot.yaml
@@ -5,6 +5,9 @@ on:
     branches: [main]
     types: [closed]
 
+permissions:
+  repository-projects: write
+
 jobs:
   move-pr-to-done-dependabot:
     secrets:
diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml
index 1c8a249..45fd6d2 100644
--- a/.github/workflows/pylint.yaml
+++ b/.github/workflows/pylint.yaml
@@ -2,6 +2,9 @@ name: pylint
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   pylint:
     runs-on: ubuntu-latest