Lineage pull request for: skeleton #219

Merged
merged 53 commits into from
Nov 8, 2024
33582a1
Add checks for semantic python versions
Feb 14, 2024
9438194
Refactor code for the semantic check
Feb 14, 2024
cea8edc
Add checks for semantic python versions
Feb 14, 2024
d5c7c4a
Refactor code for the semantic check
Feb 14, 2024
f7b9d05
Merge branch 'improvement/correct-semantic-python-version-checks' of …
Mar 18, 2024
327ab73
Remove example of correct semantic version
Mar 18, 2024
4dedf50
Refactor the error message for the user
Mar 20, 2024
e84deea
Improve the semantic error message
Mar 20, 2024
5fdc7be
Fix grammar
michaelsaki Mar 20, 2024
42ef8c2
Refactor regex, add link, and improve comments
Mar 21, 2024
a77e5e1
Update link to use semver.org over regex101.com
Mar 21, 2024
5fe14c7
Remove unnecessary period
michaelsaki Mar 21, 2024
b7896a0
Add a meta hook to the pre-commit configuration
mcdonnnj Apr 20, 2024
260566f
Remove `exclude` directive that does not apply to any files
mcdonnnj Apr 20, 2024
a68994d
Add a lower-bound pin for flake8-docstrings
jsf9k Jul 1, 2024
43b91c7
Use the hashicorp/setup-packer GitHub Action
mcdonnnj Aug 12, 2024
8ada75d
Remove @jasonodoom as a codeowner
jsf9k Aug 23, 2024
2930208
Pin to a specific version
jsf9k Aug 26, 2024
46e0553
Bump actions/cache from 3 to 4
dependabot[bot] Sep 24, 2024
3167421
Bump crazy-max/ghaction-github-status from 3 to 4
dependabot[bot] Sep 24, 2024
6a58c2c
Update pre-commit hook versions
mcdonnnj Aug 12, 2024
553efcb
Manually update the prettier hook
mcdonnnj Aug 12, 2024
184e749
Merge pull request #170 from cisagov/dependabot/github_actions/crazy-…
mcdonnnj Sep 25, 2024
d99c117
Merge pull request #171 from cisagov/dependabot/github_actions/action…
mcdonnnj Sep 25, 2024
2491ca0
Merge pull request #187 from cisagov/improvement/use_setup_packer_action
mcdonnnj Sep 25, 2024
f6c9537
Merge pull request #176 from cisagov/improvement/correct-semantic-pyt…
mcdonnnj Sep 25, 2024
10e5f6f
Merge pull request #188 from cisagov/remove-odoom-as-a-codeowner
mcdonnnj Sep 25, 2024
045a998
Add a pre-commit hook to run pip-audit
mcdonnnj Jan 18, 2024
28dc4ce
Merge pull request #178 from cisagov/improvement/add_pre-commit_meta_…
mcdonnnj Sep 25, 2024
5801cec
Merge pull request #179 from cisagov/improvement/add_pip-audit_pre-co…
mcdonnnj Sep 25, 2024
e61255c
Merge pull request #184 from cisagov/improvement/pin-flake8-docstrings
mcdonnnj Sep 25, 2024
44cd1be
Merge pull request #185 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Sep 25, 2024
c502f1a
Use the rbubley/mirrors-prettier hook for prettier
mcdonnnj Aug 12, 2024
f0e55b3
Merge pull request #186 from cisagov/improvement/switch_prettier_hook
mcdonnnj Sep 25, 2024
942c0dc
Add a new trigger for the sync-labels GitHub Actions workflow
mcdonnnj Aug 13, 2024
a267662
Remove unnecessary quotes in the sync-labels workflow
mcdonnnj Aug 13, 2024
dc7f09e
Add four new hooks from pre-commit/pre-commit-hooks
mcdonnnj Sep 14, 2024
343d2cc
Add the GitHubSecurityLab/actions-permissions/monitor Action
mcdonnnj Oct 28, 2024
8a77a8b
Restrict permissions of GITHUB_TOKEN
mcdonnnj Oct 28, 2024
3b1d4ef
Update pre-commit hook versions
mcdonnnj Oct 16, 2024
1d285f2
Sort hook ids in each pre-commit hook entry
mcdonnnj Oct 29, 2024
5da1059
Merge pull request #189 from cisagov/improvement/manually_run_sync-la…
mcdonnnj Oct 30, 2024
ff221ba
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
mcdonnnj Oct 30, 2024
971602a
Merge pull request #191 from cisagov/improvement/github_tokenn_polp
mcdonnnj Oct 30, 2024
bdf8a25
Merge pull request #192 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Oct 30, 2024
6959971
Merge pull request #193 from cisagov/improvement/add_more_pre-commit_…
mcdonnnj Oct 30, 2024
f517db7
Merge pull request #194 from cisagov/improvement/ensure_pre-commit_ho…
mcdonnnj Oct 30, 2024
ef51f4f
Merge remote-tracking branch 'skeleton-generic/develop' into lineage/…
jsf9k Oct 30, 2024
93d77a2
Uncomment new Dependabot ignore directive from upstream
jsf9k Oct 30, 2024
8824475
Update the commented out dependabot ignore directives
mcdonnnj Nov 1, 2024
e6afb68
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
mcdonnnj Nov 1, 2024
7f3cc80
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Nov 1, 2024
35287ff
Enable new dependabot ignore directives
mcdonnnj Nov 5, 2024
28 changes: 14 additions & 14 deletions .github/CODEOWNERS
Expand Up @@ -3,22 +3,22 @@
# These owners will be the default owners for everything in the
# repo. Unless a later match takes precedence, these owners will be
# requested for review when someone opens a pull request.
* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
* @dav3r @felddy @jsf9k @mcdonnnj

# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.github/ @dav3r @felddy @jsf9k @mcdonnnj

# These folks own all linting configuration files.
/.ansible-lint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.bandit.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.isort.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.mdl_config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.pre-commit-config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-dev.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-test.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/setup-env @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.ansible-lint @dav3r @felddy @jsf9k @mcdonnnj
/.bandit.yml @dav3r @felddy @jsf9k @mcdonnnj
/.flake8 @dav3r @felddy @jsf9k @mcdonnnj
/.isort.cfg @dav3r @felddy @jsf9k @mcdonnnj
/.mdl_config.yaml @dav3r @felddy @jsf9k @mcdonnnj
/.pre-commit-config.yaml @dav3r @felddy @jsf9k @mcdonnnj
/.prettierignore @dav3r @felddy @jsf9k @mcdonnnj
/.yamllint @dav3r @felddy @jsf9k @mcdonnnj
/requirements.txt @dav3r @felddy @jsf9k @mcdonnnj
/requirements-dev.txt @dav3r @felddy @jsf9k @mcdonnnj
/requirements-test.txt @dav3r @felddy @jsf9k @mcdonnnj
/setup-env @dav3r @felddy @jsf9k @mcdonnnj
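Review bot: with @jasonodoom dropped from every rule, all fourteen entries now carry the identical owner set `@dav3r @felddy @jsf9k @mcdonnnj`, so the per-file rules for /.github/ and the linting configuration files no longer differ from the `*` default; consider whether they still earn their keep, or replace the repeated list with a GitHub team so the next membership change is a one-line edit. Also confirm that the branch protection's required-reviewer count remains satisfiable by the four remaining owners.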
3 changes: 3 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -13,9 +13,12 @@ updates:
- dependency-name: actions/checkout
- dependency-name: actions/setup-go
- dependency-name: actions/setup-python
- dependency-name: cisagov/setup-env-github-action
- dependency-name: crazy-max/ghaction-dump-context
- dependency-name: crazy-max/ghaction-github-labeler
- dependency-name: crazy-max/ghaction-github-status
- dependency-name: GitHubSecurityLab/actions-permissions
- dependency-name: hashicorp/setup-packer
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
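Review bot: the ignore list gains GitHubSecurityLab/actions-permissions and hashicorp/setup-packer alongside the existing entries; because these are Dependabot ignore directives, version updates for those two actions will no longer be proposed automatically, while the workflows reference them by floating major tags (`@v1`, `@v3`), so their upgrades now depend entirely on the upstream skeleton sync. A short comment in the file stating that intent would save the next reader from wondering why Dependabot is silent about them.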
37 changes: 19 additions & 18 deletions .github/workflows/build.yml
Expand Up @@ -20,7 +20,6 @@ defaults:
shell: bash -Eueo pipefail -x {0}

env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}
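Review bot: dropping `CURL_CACHE_DIR` from `env:` is consistent with removing the curl-based Packer download further down; confirm that no remaining step (another `mkdir -p`, or a cache `path:` entry) still references `${{ env.CURL_CACHE_DIR }}`, since an unset env reference silently expands to an empty string instead of failing the job.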
Expand All @@ -31,10 +30,18 @@ env:
jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
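Review bot: in the diagnostics job the monitor step runs before the harden-runner step, so the monitor action's own setup and egress fall outside harden-runner's audit; if harden-runner is meant to observe every other step in the job, it should be the first step. The `# Note that a duplicate of this step must be added at the top of each job.` comment is repeated verbatim for both steps; one comment covering the pair reads cleaner. `permissions: {}` on this job is the right default.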
Expand All @@ -49,8 +56,15 @@ jobs:
lint:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
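Review bot: `config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}` expands to an empty string when the organization variable is not defined, as on a fork or in another organization; confirm that the monitor action treats an empty `config` as "use defaults" rather than erroring, or guard the step accordingly. The job-level `permissions: contents: read` with its explanatory comment is the right scope for a lint job that only needs actions/checkout.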
Expand All @@ -76,7 +90,7 @@ jobs:
name: Lookup Go cache directory
run: |
echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
- uses: actions/cache@v4
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-\
Expand All @@ -97,25 +111,12 @@ jobs:
path: |
${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
run: mkdir -p ${{ env.CURL_CACHE_DIR }}
- name: Install Packer
env:
PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
run: |
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--location \
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
sudo unzip -d /opt/packer \
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-packer@v3
with:
version: ${{ steps.setup-env.outputs.packer-version }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
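Review bot: replacing the hand-rolled Packer install is a real improvement: the removed steps downloaded a zip over curl with no checksum or signature verification, then used `sudo unzip` and `sudo mv` to shadow the runner's preinstalled binary, and hashicorp/setup-packer takes that over inside the action. Since dependabot.yml now ignores this action and it is referenced as `hashicorp/setup-packer@v3`, a floating major tag, consider pinning to a full commit SHA with the version in a trailing comment so a moved tag cannot change what runs here. Removing the `${{ env.CURL_CACHE_DIR }}` cache path entry in the same hunk is correct now that nothing populates it.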
19 changes: 16 additions & 3 deletions .github/workflows/sync-labels.yml
Expand Up @@ -4,27 +4,36 @@ name: sync-labels
on:
push:
paths:
- '.github/labels.yml'
- '.github/workflows/sync-labels.yml'
- .github/labels.yml
- .github/workflows/sync-labels.yml
workflow_dispatch:

permissions:
contents: read

jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
uses: crazy-max/ghaction-github-status@v4
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
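Review bot: adding `workflow_dispatch` and the top-level `permissions: contents: read` are both good; note, though, that the `push:` trigger still has no `branches:` filter, so a push to any branch that touches `.github/labels.yml` runs the labeler job with `issues: write` and syncs the repository's labels from that branch's copy of the file. If label changes should only take effect from the default branch, add a `branches:` filter under `push:`. The duplicated `# Note that a duplicate of this step ...` comment appears here as well.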
Expand All @@ -38,6 +47,10 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
85 changes: 49 additions & 36 deletions .pre-commit-config.yaml
Expand Up @@ -4,22 +4,30 @@ default_language_version:
python: python3

repos:
# Check the pre-commit configuration
- repo: meta
hooks:
- id: check-useless-excludes

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
rev: v5.0.0
hooks:
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-json
- id: check-merge-conflict
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: check-toml
- id: check-vcs-permalinks
- id: check-xml
- id: debug-statements
- id: destroyed-symlinks
- id: detect-aws-credentials
args:
- --allow-missing-credentials
- id: detect-private-key
- id: end-of-file-fixer
exclude: files/(issue|motd)
- id: mixed-line-ending
args:
- --fix=lf
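Review bot: the new `meta` / `check-useless-excludes` hook is exactly what flags the removed `exclude: files/(issue|motd)` on end-of-file-fixer, so those two changes belong together; if `files/issue` or `files/motd` are ever reintroduced, the exclude will need to come back or those files will get a trailing newline appended. The four pre-commit-hooks entries added by commit dc7f09e pair well with the bump from v4.6.0 to v5.0.0, and `detect-private-key` plus `detect-aws-credentials --allow-missing-credentials` remain in place.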
Expand All @@ -31,22 +39,15 @@ repos:

# Text file hooks
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.41.0
rev: v0.42.0
hooks:
- id: markdownlint
args:
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
# This is the last version of v3 available from the mirror. We should hold
# here until v4, which is currently in alpha, is more stable.
rev: v3.1.0
- repo: https://github.com/rbubley/mirrors-prettier
rev: v3.3.3
hooks:
- id: prettier
# This is the latest version of v3 available from NPM. The pre-commit
# mirror does not pull tags for old major versions once a new major
# version tag is published.
additional_dependencies:
- [email protected]
- repo: https://github.com/adrienverge/yamllint
rev: v1.35.1
hooks:
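Review bot: switching from pre-commit/mirrors-prettier to rbubley/mirrors-prettier replaces an org-maintained mirror with a personal one and moves prettier from v3.1.0 (plus the pinned `[email protected]` additional dependency) to v3.3.3, which adds a new party to the supply chain for a hook that rewrites files. pre-commit `rev:` values are tags and tags can be moved, so consider pinning `rev:` to the tag's commit SHA or verifying the tag periodically, and keep a one-line comment recording why this mirror was chosen, since the old explanatory comments disappeared with the switch.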
Expand All @@ -56,40 +57,40 @@ repos:

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.28.4
rev: 0.29.4
hooks:
- id: check-github-actions
- id: check-github-workflows

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v3.7.1
rev: v4.0.1
hooks:
- id: validate_manifest

# Go hooks
- repo: https://github.com/TekWizely/pre-commit-golang
rev: v1.0.0-rc.1
hooks:
# Style Checkers
- id: go-critic
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Build
- id: go-build-repo-mod
# Style Checkers
- id: go-critic
# goimports
- id: go-imports-repo
args:
# Write changes to files
- -w
# Go Mod Tidy
- id: go-mod-tidy-repo
# GoSec
- id: go-sec-repo-mod
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Test
- id: go-test-repo-mod
# Go Vet
- id: go-vet-repo-mod
# GoSec
- id: go-sec-repo-mod
# goimports
- id: go-imports-repo
args:
# Write changes to files
- -w
# Nix hooks
- repo: https://github.com/nix-community/nixpkgs-fmt
rev: v1.3.0
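Review bot: sorting the Go hooks alphabetically is not purely cosmetic: pre-commit runs hooks in listed order, and the two hooks that modify files (go-imports-repo with `-w`, and go-mod-tidy-repo) now run before go-sec, go-staticcheck, go-test and go-vet instead of after them. pre-commit still fails the run when a hook changes a file, so pass/fail is unchanged, but the checkers now see formatted, tidied sources first; a sentence in the commit message noting the ordering change would help the next reader. The check-jsonschema (0.28.4 to 0.29.4) and pre-commit (v3.7.1 to v4.0.1) bumps look fine.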
Expand All @@ -98,7 +99,7 @@ repos:

# Shell script hooks
- repo: https://github.com/scop/pre-commit-shfmt
rev: v3.8.0-1
rev: v3.10.0-1
hooks:
- id: shfmt
args:
Expand All @@ -122,37 +123,49 @@ repos:

# Python hooks
- repo: https://github.com/PyCQA/bandit
rev: 1.7.8
rev: 1.7.10
hooks:
- id: bandit
args:
- --config=.bandit.yml
- repo: https://github.com/psf/black-pre-commit-mirror
rev: 24.4.2
rev: 24.10.0
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
rev: 7.0.0
rev: 7.1.1
hooks:
- id: flake8
additional_dependencies:
- flake8-docstrings
- flake8-docstrings==1.7.0
- repo: https://github.com/PyCQA/isort
rev: 5.13.2
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.10.0
rev: v1.13.0
hooks:
- id: mypy
- repo: https://github.com/pypa/pip-audit
rev: v2.7.3
hooks:
- id: pip-audit
args:
# Add any pip requirements files to scan
- --requirement
- requirements-dev.txt
- --requirement
- requirements-test.txt
- --requirement
- requirements.txt
- repo: https://github.com/asottile/pyupgrade
rev: v3.15.2
rev: v3.19.0
hooks:
- id: pyupgrade

# Ansible hooks
- repo: https://github.com/ansible/ansible-lint
rev: v24.6.0
rev: v24.9.2
hooks:
- id: ansible-lint
additional_dependencies:
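Review bot: commit a68994d is titled "Add a lower-bound pin for flake8-docstrings", but the hunk pins it exactly (`flake8-docstrings==1.7.0`); either the commit message or the specifier (`>=1.7.0`) should change so they agree. The new pip-audit hook (v2.7.3) scanning all three requirements files is a welcome addition; note that it needs network access to the advisory database, so `pre-commit run --all-files` on an offline machine will fail at that hook, and its `rev:` is a mutable tag like the others. The remaining lines are version bumps for bandit, black, flake8, mypy, pyupgrade and ansible-lint.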
Expand All @@ -177,7 +190,7 @@ repos:

# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.90.0
rev: v1.96.1
hooks:
- id: terraform_fmt
- id: terraform_validate
Expand All @@ -190,7 +203,7 @@ repos:

# Packer hooks
- repo: https://github.com/cisagov/pre-commit-packer
rev: v0.0.2
rev: v0.3.0
hooks:
- id: packer_validate
- id: packer_fmt
- id: packer_validate
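Review bot: cisagov/pre-commit-packer moves from v0.0.2 to v0.3.0 and the hook order flips to packer_fmt before packer_validate; that matches the sort-hook-ids commit and means validate sees formatted templates, but on a 0.x project that jump spans several minor releases, so confirm that both hook ids and their default arguments are unchanged in v0.3.0.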