Skip to content

Commit

Permalink
Merge pull request #145 from cisagov/lineage/skeleton
Browse files Browse the repository at this point in the history
⚠️ CONFLICT! Lineage pull request for: skeleton
  • Loading branch information
jsf9k authored Dec 21, 2023
2 parents 08430e2 + 26438df commit 804d3ef
Show file tree
Hide file tree
Showing 8 changed files with 141 additions and 35 deletions.
2 changes: 1 addition & 1 deletion .bandit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# This config is applied to bandit when scanning the "tests" tree

# Tests are first included by `tests`, and then excluded by `skips`.
# If `tests` is empty, all tests are are considered included.
# If `tests` is empty, all tests are considered included.

tests:
# - B101
Expand Down
29 changes: 18 additions & 11 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,30 +5,37 @@
# these updates when the pull request(s) in the appropriate skeleton are merged
# and Lineage processes these changes.

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- directory: /
ignore:
# Managed by cisagov/skeleton-generic
- dependency-name: actions/cache
- dependency-name: actions/checkout
- dependency-name: actions/setup-go
- dependency-name: actions/setup-python
- dependency-name: crazy-max/ghaction-dump-context
- dependency-name: crazy-max/ghaction-github-labeler
- dependency-name: crazy-max/ghaction-github-status
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
# Managed by cisagov/skeleton-python-library
- dependency-name: actions/download-artifact
- dependency-name: actions/upload-artifact
- dependency-name: github/codeql-action/analyze
- dependency-name: github/codeql-action/autobuild
- dependency-name: github/codeql-action/init
package-ecosystem: github-actions
schedule:
interval: weekly

- package-ecosystem: "pip"
directory: "/"
- directory: /
package-ecosystem: pip
schedule:
interval: "weekly"
interval: weekly

- package-ecosystem: "terraform"
directory: "/"
- directory: /
package-ecosystem: terraform
schedule:
interval: "weekly"
interval: weekly
version: 2
77 changes: 72 additions & 5 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,36 @@ env:
RUN_TMATE: ${{ secrets.RUN_TMATE }}

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
lint:
needs:
- diagnostics
runs-on: ubuntu-latest
steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -84,11 +108,26 @@ jobs:
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install go-critic
env:
PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install gosec
env:
PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install staticcheck
env:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
Expand All @@ -107,6 +146,8 @@ jobs:
if: env.RUN_TMATE
test:
name: test source - py${{ matrix.python-version }}
needs:
- diagnostics
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand All @@ -119,11 +160,17 @@ jobs:
- "3.9"
- "3.10"
- "3.11"
- "3.12"
include:
- os: ubuntu-20.04
python-version: "3.6"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -165,9 +212,15 @@ jobs:
coveralls-finish:
runs-on: ubuntu-latest
needs:
- diagnostics
- test
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -201,6 +254,7 @@ jobs:
build:
name: build wheel - py${{ matrix.python-version }}
needs:
- diagnostics
- lint
- test
runs-on: ${{ matrix.os }}
Expand All @@ -215,11 +269,17 @@ jobs:
- "3.9"
- "3.10"
- "3.11"
- "3.12"
include:
- os: ubuntu-20.04
python-version: "3.6"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -255,6 +315,7 @@ jobs:
test-build:
name: test built wheel - py${{ matrix.python-version }}
needs:
- diagnostics
- build
runs-on: ${{ matrix.os }}
strategy:
Expand All @@ -268,11 +329,17 @@ jobs:
- "3.9"
- "3.10"
- "3.11"
- "3.12"
include:
- os: ubuntu-20.04
python-version: "3.6"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down
29 changes: 27 additions & 2 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"
name: CodeQL

on:
push:
Expand All @@ -20,8 +20,27 @@ on:
- cron: '0 14 * * 6'

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
analyze:
name: Analyze
needs:
- diagnostics
runs-on: ubuntu-latest
permissions:
# required for all workflows
Expand All @@ -37,8 +56,14 @@ jobs:
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Sync repository labels
if: success()
uses: crazy-max/ghaction-github-labeler@v4
uses: crazy-max/ghaction-github-labeler@v5
with:
# This is a hideous ternary equivalent so we only do a dry run unless
# this workflow is triggered by the develop branch.
Expand Down
32 changes: 19 additions & 13 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,13 +31,13 @@ repos:

# Text file hooks
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.34.0
rev: v0.36.0
hooks:
- id: markdownlint
args:
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.0.0-alpha.9-for-vscode
rev: v3.0.3
hooks:
- id: prettier
- repo: https://github.com/adrienverge/yamllint
Expand All @@ -49,14 +49,14 @@ repos:

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.23.1
rev: 0.26.3
hooks:
- id: check-github-actions
- id: check-github-workflows

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v3.3.2
rev: v3.4.0
hooks:
- id: validate_manifest

Expand All @@ -79,6 +79,12 @@ repos:
# GoSec
- id: go-sec-repo-mod

# Nix hooks
- repo: https://github.com/nix-community/nixpkgs-fmt
rev: v1.3.0
hooks:
- id: nixpkgs-fmt

# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
Expand Down Expand Up @@ -111,17 +117,17 @@ repos:
- --config=.bandit.yml
# Run bandit on everything except the "tests" tree
- repo: https://github.com/PyCQA/bandit
rev: 1.7.4
rev: 1.7.5
hooks:
- id: bandit
name: bandit (everything else)
exclude: tests
- repo: https://github.com/psf/black
rev: 23.3.0
- repo: https://github.com/psf/black-pre-commit-mirror
rev: 23.9.1
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
rev: 6.0.0
rev: 6.1.0
hooks:
- id: flake8
additional_dependencies:
Expand All @@ -131,28 +137,28 @@ repos:
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.3.0
rev: v1.5.1
hooks:
- id: mypy
additional_dependencies:
- types-docopt
- types-requests
- types-setuptools
- repo: https://github.com/asottile/pyupgrade
rev: v3.4.0
rev: v3.10.1
hooks:
- id: pyupgrade

# Ansible hooks
- repo: https://github.com/ansible-community/ansible-lint
rev: v6.17.0
- repo: https://github.com/ansible/ansible-lint
rev: v6.19.0
hooks:
- id: ansible-lint
# files: molecule/default/playbook.yml

# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.80.0
rev: v1.83.2
hooks:
- id: terraform_fmt
- id: terraform_validate
Expand Down
1 change: 1 addition & 0 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@ def get_version(version_file):
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: Implementation :: CPython",
],
python_requires=">=3.6",
Expand Down
Loading

0 comments on commit 804d3ef

Please sign in to comment.