From 32c701559b690677d4353af0f7c5451d3eff612a Mon Sep 17 00:00:00 2001
From: Florian Hockmann <fh@florian-hockmann.de>
Date: Wed, 24 Apr 2024 14:55:19 +0200
Subject: [PATCH] Fix linter after updating

The linter now also checks C# code for duplicates
which unfortunately detects our license headers.
Since I could not find a way to actually ignore
our license headers, I had to disable that check.

It now also checks whether a GitHub workflow has
too many permissions. We should limit those in
general to what is actually needed.

Signed-off-by: Florian Hockmann <fh@florian-hockmann.de>
---
 .dependency_license           |  1 +
 .github/workflows/dotnet.yml  | 10 ++++++++--
 .github/workflows/license.yml |  6 +++++-
 .github/workflows/linter.yml  | 10 +++++++++-
 4 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/.dependency_license b/.dependency_license
index 7f22d2a..69a8ad9 100644
--- a/.dependency_license
+++ b/.dependency_license
@@ -23,3 +23,4 @@ JanusGraph.Net.sln, Apache-2.0
 JanusGraph logomark color RGB.png, Apache-2.0
 CONTRIBUTORS.txt, Apache-2.0
 appsettings.json, Apache-2.0
+.jscpd.json, Apache-2.0
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml
index d0380cb..acc2ece 100644
--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@@ -24,13 +24,17 @@ on:
     types:
       - published
 
+permissions: { }
+
 env:
   NUGET_KEY: ${{ secrets.NUGET_KEY }}
   NUGET_FEED: https://api.nuget.org/v3/index.json
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - uses: actions/checkout@v4
@@ -55,7 +59,9 @@ jobs:
   deploy:
     needs: build
     if: github.event_name == 'release'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Download Artifact
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 2653c57..43662b1 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -18,9 +18,13 @@ name: License Validation
 on:
   pull_request: { }
 
+permissions: { }
+
 jobs:
   weasel:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index b3bf2ee..0e1c991 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -19,9 +19,16 @@ on:
   pull_request: { }
   push: { }
 
+permissions: { }
+
 jobs:
   check:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
@@ -33,5 +40,6 @@ jobs:
         uses: github/super-linter@v6
         env:
           VALIDATE_ALL_CODEBASE: false
+          VALIDATE_JSCPD: false # need to find a way to ignore license headers for duplicate detection
           DEFAULT_BRANCH: master
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}