Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #133

Merged
merged 102 commits into from
Jul 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
102 commits
Select commit Hold shift + click to select a range
b5e5c11
Bump crazy-max/ghaction-github-status from 3 to 4
dependabot[bot] Sep 13, 2023
371179e
Add a diagnostics job for the label syncing workflow
jsf9k Sep 13, 2023
1f611fc
Make the dev team the owners of the linter configuration files
jsf9k Sep 14, 2023
c356768
Make dev team members the codeowners of the requirements*.txt and set…
jsf9k Sep 14, 2023
0195005
Explicitly list the linter config files the dev team should own
jsf9k Sep 15, 2023
b768a28
Bump hashicorp/setup-terraform from 2 to 3
dependabot[bot] Oct 30, 2023
9f31700
Prefer block style to flow style
mcdonnnj Nov 2, 2023
696433a
Alphabetize entries in the build workflow
mcdonnnj Nov 2, 2023
6503a9e
Add a `merge_group` trigger to the build workflow
mcdonnnj Nov 2, 2023
193e799
Bump actions/setup-go from 4 to 5
dependabot[bot] Dec 11, 2023
5c84295
Bump actions/setup-python from 4 to 5
dependabot[bot] Dec 11, 2023
4a63dbe
Switch pre-commit hooks for running shfmt
mcdonnnj Jan 18, 2024
3236b1b
Remove installation of shfmt in the `build` workflow
mcdonnnj Jan 18, 2024
5ddb14d
Use long options for shfmt arguments
mcdonnnj Jan 18, 2024
8ecd957
Add additional shfmt options
mcdonnnj Jan 18, 2024
242921b
Set the default shell for all run steps in the build workflow
mcdonnnj Sep 21, 2023
c7b18dc
Add linting with goimports to the pre-commit configuration
mcdonnnj Jan 12, 2024
f6d9d6e
Add ATX Header Support for terraform-docs
Jan 22, 2024
544e478
Add prepended names to variables to describe their function
michaelsaki Jan 22, 2024
f5fa0ff
Remove unnecessary capitalizations and fix grammar
michaelsaki Jan 22, 2024
36361dd
Simplify steps in the build/install portion of workflow
michaelsaki Jan 22, 2024
3711ebe
Add TODO label
michaelsaki Jan 23, 2024
d114fb4
Move TODO and add link to the issue
michaelsaki Jan 23, 2024
c907cfc
Alphabetize switches
michaelsaki Jan 23, 2024
48db3e3
Allow setup-env to specify Python version
Jan 25, 2024
c10929a
Add /dev/null and remove TMPFILE
michaelsaki Jan 25, 2024
adada40
Place flags in the correct order for -r and -p
Jan 25, 2024
1861b9b
Remove unneccessary spacing
Jan 25, 2024
3f623e4
Alphabetize flags and descriptions
michaelsaki Jan 25, 2024
9497dc2
Move misplaced exit
jsf9k Jan 26, 2024
e1d0f28
Remove premature pyenv local command
jsf9k Jan 26, 2024
517b336
Include PYTHON_VERSION when running pyenv virtualenv
jsf9k Jan 26, 2024
2e5794c
Add getopt variables and short flags
Jan 30, 2024
8a50031
Remove redundant flag initialization
Jan 30, 2024
0df0e6a
Add getopt functionality and -n flag
Jan 30, 2024
60cad12
Update the usage and force documentation
Jan 30, 2024
b6ab6d8
Update usage with long options
Feb 7, 2024
d362614
Add gnu-getopt functionality and error handling
Feb 7, 2024
f924584
Add documentation in CONTRIBUTING.md for gnu-getopt
Feb 7, 2024
ba86ead
Fix grammar and capitalization errors
michaelsaki Feb 7, 2024
ba0fc19
Combine PATH exports to single line
michaelsaki Feb 7, 2024
1240bdd
Improve usage instructions
michaelsaki Feb 7, 2024
297b5bd
Add $(brew --prefix) to PATH for getopt
michaelsaki Feb 7, 2024
7af70f5
Fix confusing wording
michaelsaki Feb 7, 2024
e5a2d14
Replace virt_env_name w/ virtual_env_name for clarity
michaelsaki Feb 7, 2024
82c70e0
Differentiate between GNU getopt and gnu-getopt brew formula
michaelsaki Feb 13, 2024
493a4a3
Add parenthesis over brew link
michaelsaki Feb 13, 2024
3bc9aeb
Refactor flag names for clarity and accuracy
Feb 14, 2024
0be1f63
Elaborate on message when checking for GNU getopt
Feb 14, 2024
c8f0b1b
Remove unnecessary nounset flipping logic
Feb 14, 2024
495862a
Separate pyenv PATH from GNU getopt PATH
Feb 14, 2024
4752b37
Improve verbiage in comments
michaelsaki Feb 21, 2024
2e38997
Clarify between pyenv and GNU getopt setup
michaelsaki Feb 21, 2024
f8824c8
Improve comment on conditional check for regex
Feb 21, 2024
88724e7
Add comment explaining that GNU getopt is keg-only
Feb 21, 2024
c1870be
Improve comments to better describe `keg-only` terminology
michaelsaki Feb 21, 2024
a3f69cd
Change "'setup-env' tool" to "'setup-env' script"
michaelsaki Feb 26, 2024
8ff5179
Remove build-in error exit for generic error exit
michaelsaki Feb 26, 2024
1c21e2b
Change verbiage from 'tool' to 'script' for clarity
michaelsaki Feb 26, 2024
3acc8d6
Check for pyenv earlier in the script
Feb 26, 2024
b377ce7
Explain -r and -p in Python version prompt
Feb 26, 2024
74838a2
Refine exit code to 64 with gnu-getopt note
Feb 26, 2024
487126e
Rename gnu-getopt tool to GNU getopt formula
michaelsaki Feb 28, 2024
6c82a8d
Fix whitespace for usage menu
michaelsaki Feb 28, 2024
324f6d4
Add link to brew terminology
michaelsaki Feb 28, 2024
a26d0e3
Rephrase comment to improve clarity
michaelsaki Feb 28, 2024
0510870
Improve comment for clarity
michaelsaki Feb 28, 2024
01abde6
Improve verbiage in comment
Feb 28, 2024
0989d17
Change comments for macOS and venv_name
Feb 28, 2024
a9c6ed8
Improve comments for clarity
michaelsaki Feb 29, 2024
b9c729f
Update pre-commit hook versions
mcdonnnj Jan 4, 2024
4c93395
Manually update the prettier hook
mcdonnnj Jan 4, 2024
9a0e7c3
Merge pull request #149 from cisagov/dependabot/github_actions/crazy-…
mcdonnnj Mar 6, 2024
d0d8783
Merge pull request #150 from cisagov/improvement/add-diagnostics-to-l…
mcdonnnj Mar 6, 2024
158abf5
Merge pull request #151 from cisagov/improvement/make-ois-own-linting…
mcdonnnj Mar 6, 2024
6f23c97
Merge pull request #155 from cisagov/dependabot/github_actions/hashic…
mcdonnnj Mar 6, 2024
c0043bd
Merge pull request #156 from cisagov/improvement/better_support_merge…
mcdonnnj Mar 6, 2024
e5ffc52
Merge pull request #158 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
59b2ad1
Merge pull request #159 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
57bef4a
Merge pull request #161 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Mar 6, 2024
01c9e11
Merge pull request #162 from cisagov/improvement/set_default_for_run_…
mcdonnnj Mar 6, 2024
d1a186d
Merge pull request #166 from cisagov/improvement/allow_setup-env_to_s…
mcdonnnj Mar 6, 2024
7169dcf
Use Python and Go versions provided by cisagov/setup-env-github-action
mcdonnnj Nov 11, 2023
95a61f5
Merge pull request #157 from cisagov/improvement/get_more_versions_fr…
mcdonnnj Mar 6, 2024
81735c2
Merge pull request #160 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
4f73489
Merge pull request #163 from cisagov/improvement/add_goimports_hook
mcdonnnj Mar 6, 2024
9020b55
Merge pull request #164 from cisagov/improvement/install_atx_header_s…
mcdonnnj Mar 6, 2024
035cf86
Switch pre-commit hooks for running shellcheck
mcdonnnj Feb 27, 2024
e79569c
Merge pull request #168 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
dc02993
Merge remote-tracking branch 'skeleton-generic/develop' into lineage/…
jsf9k Mar 6, 2024
935237b
Add whitespace to placate Black linter/formatter
jsf9k Mar 6, 2024
898e9ef
Use the Python version from setup-env
jsf9k Mar 6, 2024
07e2b60
Pin ansible-core when running the ansible-lint linter
jsf9k May 4, 2024
c74e5db
Remove unnecessary line
jsf9k May 4, 2024
2e53e0d
Explain why ansible may need to be added as a dependency for ansible-…
jsf9k May 7, 2024
f51fe62
Update pre-commit hook versions
mcdonnnj May 11, 2024
8e55b8e
Manually update the prettier hook
mcdonnnj Jun 6, 2024
c617bb9
Correct commented-out ansible pin
jsf9k Jun 6, 2024
de92c3c
Merge pull request #183 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Jun 6, 2024
7ddea47
Merge pull request #182 from cisagov/improvement/pin-packages-for-ans…
mcdonnnj Jun 6, 2024
7779dd6
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Jun 6, 2024
0905548
Match bandit pre-commit hook versions
mcdonnnj Jul 29, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,17 @@
# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj

# These folks own all linting configuration files.
/.ansible-lint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.bandit.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.isort.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.mdl_config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.pre-commit-config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-dev.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/requirements-test.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/setup-env @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
87 changes: 58 additions & 29 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,31 @@
name: build

on:
push:
merge_group:
types:
- checks_requested
pull_request:
push:
repository_dispatch:
types: [apb]
types:
- apb

# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
# nounset, errexit, and pipefail. The `-x` will print all commands as they are
# run. Please see the GitHub Actions documentation for more information:
# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
defaults:
run:
shell: bash -Eueo pipefail -x {0}

env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}
TERRAFORM_DOCS_REPO_BRANCH_NAME: improvement/support_atx_closed_markdown_headers
TERRAFORM_DOCS_REPO_DEPTH: 1
TERRAFORM_DOCS_REPO_URL: https://github.com/mcdonnnj/terraform-docs.git

jobs:
diagnostics:
Expand All @@ -27,7 +42,7 @@ jobs:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
uses: crazy-max/ghaction-github-status@v4
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
Expand All @@ -45,20 +60,20 @@ jobs:
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.11"
python-version: ${{ steps.setup-env.outputs.python-version }}
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- id: setup-go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
# There is no expectation for actual Go code so we disable caching as
# it relies on the existence of a go.sum file.
cache: false
go-version: "1.20"
- name: Lookup Go cache directory
id: go-cache
go-version: ${{ steps.setup-env.outputs.go-version }}
- id: go-cache
name: Lookup Go cache directory
run: |
echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
Expand All @@ -69,6 +84,14 @@ jobs:
packer${{ steps.setup-env.outputs.packer-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with:
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}-\
${{ hashFiles('setup.py') }}"
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
Expand All @@ -80,14 +103,6 @@ jobs:
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}-\
${{ hashFiles('setup.py') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
Expand All @@ -105,34 +120,46 @@ jobs:
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-terraform@v2
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install go-critic
env:
PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install goimports
env:
PACKAGE_URL: golang.org/x/tools/cmd/goimports
PACKAGE_VERSION: ${{ steps.setup-env.outputs.goimports-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install gosec
env:
PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install staticcheck
env:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
# TODO: https://github.com/cisagov/skeleton-generic/issues/165
# We are temporarily using @mcdonnnj's forked branch of terraform-docs
# until his PR: https://github.com/terraform-docs/terraform-docs/pull/745
# is approved. This temporary fix will allow for ATX header support when
# terraform-docs is run during linting.
- name: Clone ATX headers branch from terraform-docs fork
run: |
git clone \
--branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \
--depth $TERRAFORM_DOCS_REPO_DEPTH \
--single-branch \
$TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs
- name: Build and install terraform-docs binary
run: |
go build \
-C /tmp/terraform-docs \
-o $(go env GOPATH)/bin/terraform-docs
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
Expand Down Expand Up @@ -221,10 +248,12 @@ jobs:
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.10"
python-version: ${{ steps.setup-env.outputs.python-version }}
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
Expand Down
24 changes: 24 additions & 0 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,38 @@ permissions:
contents: read

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
labeler:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
# crazy-max/ghaction-github-labeler needs this to manage repository labels
issues: write
runs-on: ubuntu-latest
steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- name: Sync repository labels
if: success()
Expand Down
Loading
Loading