fix: linting fixes

more to come

Signed-off-by: jmeridth <[email protected]>

.devcontainer/devcontainer.json

@@ -1,27 +1,13 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
 {
 	"name": "Existing Dockerfile",
 	"build": {
-		// Sets the run context to one level up instead of the .devcontainer folder.
 		"context": "..",
 		"dockerfile": "../Dockerfile"
 	},
 
-	// Features to add to the dev container. More info: https://containers.dev/features.
 	"features": {
 		"ghcr.io/devcontainers/features/common-utils:2": {}
 	},
 
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "echo hello",
-
-	// Configure tool-specific properties.
-	// "customizations": {},
-
-	// Connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root.
 	"remoteUser": "devcontainer"
 }

.github/workflows/codeql-analysis.yml

@@ -21,6 +21,9 @@ on:
   schedule:
     - cron: '27 19 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze

.github/workflows/docker-image.yml

@@ -7,12 +7,12 @@ on:
   pull_request:
     branches: [ main ]
 
-jobs:
+permissions:
+  contents: read
 
+jobs:
   build:
-
     runs-on: ubuntu-latest
-
     steps:
     - uses: actions/checkout@v4
     - name: Build the Docker image

.github/workflows/major-version-updater.yml

@@ -1,28 +1,33 @@
 ---
-    name: Major Version Updater
-    # Whenever a new release is made, push a major version tag
-    on:
-      release:
-        types: [ published ]
-
-    jobs:
-      update-major-version-tag:
-        runs-on: ubuntu-latest
-        steps:
-          - name: Checkout Repo
-            uses: actions/checkout@v4
-
-          - name: version
-            id: version
-            run: |
-              tag=${GITHUB_REF/refs\/tags\//}
-              version=${tag#v}
-              major=${version%%.*}
-              echo "tag=${tag}" >> "$GITHUB_OUTPUT"
-              echo "version=${version}" >> "$GITHUB_OUTPUT"
-              echo "major=${major}" >> "$GITHUB_OUTPUT"
-    
-          - name: force update major tag
-            run: |
-              git tag v${{ steps.version.outputs.major }}
-              git push origin refs/tags/v${{ steps.version.outputs.major }} -f
+name: Major Version Updater
+# Whenever a new release is made, push a major version tag
+on:
+  release:
+    types: [ published ]
+
+permissions:
+  contents: write
+
+jobs:
+  update-major-version-tag:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: version
+        id: version
+        run: |
+          tag=${GITHUB_REF/refs\/tags\//}
+          version=${tag#v}
+          major=${version%%.*}
+          echo "tag=${tag}" >> "$GITHUB_OUTPUT"
+          echo "version=${version}" >> "$GITHUB_OUTPUT"
+          echo "major=${major}" >> "$GITHUB_OUTPUT"
+
+      - name: force update major tag
+        run: |
+          git tag v${{ steps.version.outputs.major }}
+          git push origin refs/tags/v${{ steps.version.outputs.major }} -f

.github/workflows/python-package.yml

@@ -10,13 +10,16 @@ on:
   pull_request:
     branches: [ main ]
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.11, 3.12 ]
+        python-version: [3.11, 3.12]
 
     steps:
     - uses: actions/checkout@v4
@@ -27,8 +30,7 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        python -m pip install flake8 pylint pytest pytest-cov
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+        pip install -r requirements.txt -r requirements-test.txt
     - name: Lint with flake8 and pylint
       run: |
         make lint

.github/workflows/release-drafter.yml

@@ -7,9 +7,15 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: release-drafter/release-drafter@v6
         env:

Dockerfile

@@ -18,7 +18,6 @@ COPY requirements.txt *.py /action/workspace/
 RUN python3 -m pip install --no-cache-dir -r requirements.txt \
     && apt-get -y update \
     && apt-get -y install --no-install-recommends git-all=1:2.39.2-1.1 \
-    && apt-get install build-essential -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 CMD ["/action/workspace/issue_metrics.py"]

README.md

@@ -99,7 +99,7 @@ If you need support using this project or have questions about it, please [open
 2. Select a best fit workflow file from the [examples directory](./docs/example-workflows.md) for your use case.
 3. Copy that example into your repository (from step 1) and into the proper directory for GitHub Actions: `.github/workflows/` directory with the file extension `.yml` (ie. `.github/workflows/issue-metrics.yml`)
 4. Edit the values (`SEARCH_QUERY`, `assignees`) from the sample workflow with your information. See the [SEARCH_QUERY](./docs/search-query.md) section for more information on how to configure the search query.
-5. If you are running metrics on a repository other than the one where the workflow file is going to be, then update the value of `GH_TOKEN`. Do this by creating a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with permissions to read the repo and write issues. Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `GH_TOKEN` and the value of the secret the API token. Then finally update the workflow file to use that repository secret by changing `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to `GH_TOKEN: ${{ secrets.GH_TOKEN }}`. The name of the secret can really be anything. It just needs to match between when you create the secret name and when you refer to it in the workflow file.
+5. If you are running metrics on a repository other than the one where the workflow file is going to be, then update the value of `GH_TOKEN`. Do this by creating a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with permissions to read the repository and write issues. Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `GH_TOKEN` and the value of the secret the API token. Then finally update the workflow file to use that repository secret by changing `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to `GH_TOKEN: ${{ secrets.GH_TOKEN }}`. The name of the secret can really be anything. It just needs to match between when you create the secret name and when you refer to it in the workflow file.
 6. If you want the resulting issue with the metrics in it to appear in a different repository other than the one the workflow file runs in, update the line `token: ${{ secrets.GITHUB_TOKEN }}` with your own GitHub API token stored as a repository secret. This process is the same as described in the step above. More info on creating secrets can be found [here](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
 7. Commit the workflow file to the default branch (often `master` or `main`)
 8. Wait for the action to trigger based on the `schedule` entry or manually trigger the workflow as shown in the [documentation](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow).
@@ -131,11 +131,11 @@ This action can be configured to authenticate with GitHub App Installation or Pe
 | field                         | required | default | description |
 |-------------------------------|----------|---------|-------------|
 | `GH_ENTERPRISE_URL`           | False    | `""`    | URL of GitHub Enterprise instance to use for auth instead of github.com                                                                 |
-| `HIDE_AUTHOR`                 | False    | False   | If set to `true`, the author will not be displayed in the generated markdown file. |
-| `HIDE_LABEL_METRICS`          | False | False      | If set to `true`, the time in label metrics will not be displayed in the generated markdown file. |
-| `HIDE_TIME_TO_ANSWER`         | False | False      | If set to `true`, the time to answer a discussion will not be displayed in the generated markdown file. |
-| `HIDE_TIME_TO_CLOSE`          | False | False      | If set to `true`, the time to close will not be displayed in the generated markdown file. |
-| `HIDE_TIME_TO_FIRST_RESPONSE` | False    | False   | If set to `true`, the time to first response will not be displayed in the generated markdown file. |
+| `HIDE_AUTHOR`                 | False    | False   | If set to `true`, the author will not be displayed in the generated Markdown file. |
+| `HIDE_LABEL_METRICS`          | False | False      | If set to `true`, the time in label metrics will not be displayed in the generated Markdown file. |
+| `HIDE_TIME_TO_ANSWER`         | False | False      | If set to `true`, the time to answer a discussion will not be displayed in the generated Markdown file. |
+| `HIDE_TIME_TO_CLOSE`          | False | False      | If set to `true`, the time to close will not be displayed in the generated Markdown file. |
+| `HIDE_TIME_TO_FIRST_RESPONSE` | False    | False   | If set to `true`, the time to first response will not be displayed in the generated Markdown file. |
 | `IGNORE_USERS`                | False | False      | A comma separated list of users to ignore when calculating metrics. (ie. `IGNORE_USERS: 'user1,user2'`). To ignore bots, append `[bot]` to the user (ie. `IGNORE_USERS: 'github-actions[bot]'`)  |
 | `LABELS_TO_MEASURE`           | False    | `""`    | A comma separated list of labels to measure how much time the label is applied. If not provided, no labels durations will be measured. Not compatible with discussions at this time. |
 | `SEARCH_QUERY`                | True     | `""`    | The query by which you can filter issues/PRs which must contain a `repo:`, `org:`, `owner:`, or a `user:` entry. For discussions, include `type:discussions` in the query. |
@@ -145,7 +145,7 @@ This action can be configured to authenticate with GitHub App Installation or Pe
 - [Example workflows](./docs/example-workflows.md)
 - [Measuring time spent in labels](./docs/measure-time.md)
 - [Assigning teams instead of individuals](./docs/assign-team-instead-of-individual.md)
-- [Example using the JSON output instead of the markdown output](./docs/example-using-json-instead-markdown-output.md)
+- [Example using the JSON output instead of the Markdown output](./docs/example-using-json-instead-markdown-output.md)
 - [Configuring the `SEARCH_QUERY`](./docs/search-query.md)
 - [Local usage without Docker](./docs/local-usage-without-docker.md)
 - [Authenticating with GitHub App Installation](./docs/authenticating-with-github-app-installation.md)
@@ -160,4 +160,4 @@ We would ❤️ contributions to improve this action. Please see [CONTRIBUTING.m
 
 ## More OSPO Tools
 
-Looking for more resources for your open source program office (OSPO)? Check out the [`github-ospo`](https://github.com/github/github-ospo) repo for a variety of tools designed to support your needs.
+Looking for more resources for your open source program office (OSPO)? Check out the [`github-ospo`](https://github.com/github/github-ospo) repoistory for a variety of tools designed to support your needs.

docs/assign-team-instead-of-individual.md

@@ -2,7 +2,13 @@
 
 The assignee part of this workflow action comes from [a different GitHub action](https://github.com/peter-evans/create-issue-from-file) and currently GitHub issues don't support assigning groups.
 
-By way of work around, you could use the [GitHub API to retrieve the members of the team](https://docs.github.com/en/rest/teams/members?apiVersion=2022-11-28#list-team-members) and then put them in a comma separated string that you provide as the assignee. This requires setting up a new GitHub API token (referred to below as `CUSTOM_TOKEN`) which has `read:org` permissions assigned and single sign on authorization as needed. To do this, create a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with permissions to read the org (`read:org`). Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `CUSTOM_TOKEN` and the value of the secret the API token.
+By way of work around, you could use the [GitHub API to retrieve the members of the team](https://docs.github.com/en/rest/teams/members?apiVersion=2022-11-28#list-team-members) and then put them in a comma separated string that you provide as the assignee.
+
+This requires setting up a new GitHub API token (referred to below as `CUSTOM_TOKEN`) which has `read:org` permissions assigned and single sign on authorization as needed.
+
+To do this, create a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with permissions to read the org (`read:org`).
+
+Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `CUSTOM_TOKEN` and the value of the secret the API token.
 
 That might look something like the workflow below where `ORG` is your organization name and `TEAM_SLUG` is the name of the team:
 

docs/example-using-json-instead-markdown-output.md

@@ -1,6 +1,6 @@
-# Example using the JSON output instead of the markdown output
+# Example using the JSON output instead of the Markdown output
 
-There is JSON output available as well. You could use it for any number of possibilities, but here is one example that demonstrates retreiving the JSON output and then printing it out.
+There is JSON output available as well. You could use it for any number of possibilities, but here is one example that demonstrates retrieving the JSON output and then printing it out.
 
 ```yaml
 name: Monthly issue metrics

docs/search-query.md

@@ -1,7 +1,9 @@
 # Configuring the `SEARCH_QUERY`
 
 Issues or Pull Requests? Open or closed?
-This action can be configured to run metrics on discussions, pull requests and/or issues. It is also configurable by whether they were open or closed in the specified time window. Further query options are listed in the documentation on [searching issues and pull requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) or [searching discussions](https://docs.github.com/en/search-github/searching-on-github/searching-discussions). Search results are limited to 1000 results by the GitHub API.
+This action can be configured to run metrics on discussions, pull requests and/or issues. It is also configurable by whether they were open or closed in the specified time window.
+
+Further query options are listed in the documentation on [searching issues and pull requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/filtering-and-searching-issues-and-pull-requests) or [searching discussions](https://docs.github.com/en/search-github/searching-on-github/searching-discussions). Search results are limited to 1000 results by the GitHub API.
 
 ## Examples