Merge pull request #116 from elliotmatson/renovate/github-super-linter-6.x

Update github/super-linter action to v6

.github/workflows/docker.yml

@@ -16,6 +16,8 @@ on:
     types: [published, edited]
   workflow_dispatch:
 
+permissions: read-all
+  
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: elliotmatson/pgadmin-config-creator
@@ -73,14 +75,3 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.DOCKER_IMAGE }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'

.github/workflows/lint.yml

@@ -6,6 +6,8 @@ on:
   pull_request:
     branches: [main]
 
+permissions: read-all
+
 jobs:
   run-lint:
     name: Lint
@@ -18,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter@v5
+        uses: github/super-linter@v6
         env:
           VALIDATE_ALL_CODEBASE: false
           DEFAULT_BRANCH: main

.github/workflows/stack-healthcheck.yml

@@ -5,6 +5,8 @@ on:
   pull_request:
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   test:
     name: Test Stack

.github/workflows/stale.yml

@@ -4,6 +4,10 @@ on:
     - cron: '0 */1 * * *'
   workflow_dispatch:
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   stale:
     runs-on: ubuntu-latest

pgadmin-config-creator/Dockerfile

@@ -1,7 +1,13 @@
 FROM python:3.12-alpine
+
+RUN useradd -m pgadmin-config-creator
+USER pgadmin-config-creator
+
 RUN mkdir /app
 RUN mkdir /config
+
 COPY . /app
 WORKDIR /app
+
 CMD ["python", "app.py"]
 HEALTHCHECK CMD test -f /config/servers.json || exit 1