Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #216

Draft
wants to merge 158 commits into
base: develop
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
158 commits
Select commit Hold shift + click to select a range
b5e5c11
Bump crazy-max/ghaction-github-status from 3 to 4
dependabot[bot] Sep 13, 2023
371179e
Add a diagnostics job for the label syncing workflow
jsf9k Sep 13, 2023
1f611fc
Make the dev team the owners of the linter configuration files
jsf9k Sep 14, 2023
c356768
Make dev team members the codeowners of the requirements*.txt and set…
jsf9k Sep 14, 2023
0195005
Explicitly list the linter config files the dev team should own
jsf9k Sep 15, 2023
b768a28
Bump hashicorp/setup-terraform from 2 to 3
dependabot[bot] Oct 30, 2023
9f31700
Prefer block style to flow style
mcdonnnj Nov 2, 2023
696433a
Alphabetize entries in the build workflow
mcdonnnj Nov 2, 2023
6503a9e
Add a `merge_group` trigger to the build workflow
mcdonnnj Nov 2, 2023
193e799
Bump actions/setup-go from 4 to 5
dependabot[bot] Dec 11, 2023
5c84295
Bump actions/setup-python from 4 to 5
dependabot[bot] Dec 11, 2023
4a63dbe
Switch pre-commit hooks for running shfmt
mcdonnnj Jan 18, 2024
3236b1b
Remove installation of shfmt in the `build` workflow
mcdonnnj Jan 18, 2024
5ddb14d
Use long options for shfmt arguments
mcdonnnj Jan 18, 2024
8ecd957
Add additional shfmt options
mcdonnnj Jan 18, 2024
242921b
Set the default shell for all run steps in the build workflow
mcdonnnj Sep 21, 2023
c7b18dc
Add linting with goimports to the pre-commit configuration
mcdonnnj Jan 12, 2024
f6d9d6e
Add ATX Header Support for terraform-docs
Jan 22, 2024
544e478
Add prepended names to variables to describe their function
michaelsaki Jan 22, 2024
f5fa0ff
Remove unnecessary capitalizations and fix grammar
michaelsaki Jan 22, 2024
36361dd
Simplify steps in the build/install portion of workflow
michaelsaki Jan 22, 2024
3711ebe
Add TODO label
michaelsaki Jan 23, 2024
d114fb4
Move TODO and add link to the issue
michaelsaki Jan 23, 2024
c907cfc
Alphabetize switches
michaelsaki Jan 23, 2024
48db3e3
Allow setup-env to specify Python version
Jan 25, 2024
c10929a
Add /dev/null and remove TMPFILE
michaelsaki Jan 25, 2024
adada40
Place flags in the correct order for -r and -p
Jan 25, 2024
1861b9b
Remove unneccessary spacing
Jan 25, 2024
3f623e4
Alphabetize flags and descriptions
michaelsaki Jan 25, 2024
9497dc2
Move misplaced exit
jsf9k Jan 26, 2024
e1d0f28
Remove premature pyenv local command
jsf9k Jan 26, 2024
517b336
Include PYTHON_VERSION when running pyenv virtualenv
jsf9k Jan 26, 2024
2e5794c
Add getopt variables and short flags
Jan 30, 2024
8a50031
Remove redundant flag initialization
Jan 30, 2024
0df0e6a
Add getopt functionality and -n flag
Jan 30, 2024
60cad12
Update the usage and force documentation
Jan 30, 2024
b6ab6d8
Update usage with long options
Feb 7, 2024
d362614
Add gnu-getopt functionality and error handling
Feb 7, 2024
f924584
Add documentation in CONTRIBUTING.md for gnu-getopt
Feb 7, 2024
ba86ead
Fix grammar and capitalization errors
michaelsaki Feb 7, 2024
ba0fc19
Combine PATH exports to single line
michaelsaki Feb 7, 2024
1240bdd
Improve usage instructions
michaelsaki Feb 7, 2024
297b5bd
Add $(brew --prefix) to PATH for getopt
michaelsaki Feb 7, 2024
7af70f5
Fix confusing wording
michaelsaki Feb 7, 2024
e5a2d14
Replace virt_env_name w/ virtual_env_name for clarity
michaelsaki Feb 7, 2024
82c70e0
Differentiate between GNU getopt and gnu-getopt brew formula
michaelsaki Feb 13, 2024
493a4a3
Add parenthesis over brew link
michaelsaki Feb 13, 2024
3bc9aeb
Refactor flag names for clarity and accuracy
Feb 14, 2024
0be1f63
Elaborate on message when checking for GNU getopt
Feb 14, 2024
c8f0b1b
Remove unnecessary nounset flipping logic
Feb 14, 2024
495862a
Separate pyenv PATH from GNU getopt PATH
Feb 14, 2024
33582a1
Add checks for semantic python versions
Feb 14, 2024
9438194
Refactor code for the semantic check
Feb 14, 2024
4752b37
Improve verbiage in comments
michaelsaki Feb 21, 2024
2e38997
Clarify between pyenv and GNU getopt setup
michaelsaki Feb 21, 2024
f8824c8
Improve comment on conditional check for regex
Feb 21, 2024
88724e7
Add comment explaining that GNU getopt is keg-only
Feb 21, 2024
c1870be
Improve comments to better describe `keg-only` terminology
michaelsaki Feb 21, 2024
a3f69cd
Change "'setup-env' tool" to "'setup-env' script"
michaelsaki Feb 26, 2024
8ff5179
Remove build-in error exit for generic error exit
michaelsaki Feb 26, 2024
1c21e2b
Change verbiage from 'tool' to 'script' for clarity
michaelsaki Feb 26, 2024
3acc8d6
Check for pyenv earlier in the script
Feb 26, 2024
b377ce7
Explain -r and -p in Python version prompt
Feb 26, 2024
74838a2
Refine exit code to 64 with gnu-getopt note
Feb 26, 2024
487126e
Rename gnu-getopt tool to GNU getopt formula
michaelsaki Feb 28, 2024
6c82a8d
Fix whitespace for usage menu
michaelsaki Feb 28, 2024
324f6d4
Add link to brew terminology
michaelsaki Feb 28, 2024
a26d0e3
Rephrase comment to improve clarity
michaelsaki Feb 28, 2024
0510870
Improve comment for clarity
michaelsaki Feb 28, 2024
01abde6
Improve verbiage in comment
Feb 28, 2024
0989d17
Change comments for macOS and venv_name
Feb 28, 2024
a9c6ed8
Improve comments for clarity
michaelsaki Feb 29, 2024
b9c729f
Update pre-commit hook versions
mcdonnnj Jan 4, 2024
4c93395
Manually update the prettier hook
mcdonnnj Jan 4, 2024
9a0e7c3
Merge pull request #149 from cisagov/dependabot/github_actions/crazy-…
mcdonnnj Mar 6, 2024
d0d8783
Merge pull request #150 from cisagov/improvement/add-diagnostics-to-l…
mcdonnnj Mar 6, 2024
158abf5
Merge pull request #151 from cisagov/improvement/make-ois-own-linting…
mcdonnnj Mar 6, 2024
6f23c97
Merge pull request #155 from cisagov/dependabot/github_actions/hashic…
mcdonnnj Mar 6, 2024
c0043bd
Merge pull request #156 from cisagov/improvement/better_support_merge…
mcdonnnj Mar 6, 2024
e5ffc52
Merge pull request #158 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
59b2ad1
Merge pull request #159 from cisagov/dependabot/github_actions/action…
mcdonnnj Mar 6, 2024
57bef4a
Merge pull request #161 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Mar 6, 2024
01c9e11
Merge pull request #162 from cisagov/improvement/set_default_for_run_…
mcdonnnj Mar 6, 2024
d1a186d
Merge pull request #166 from cisagov/improvement/allow_setup-env_to_s…
mcdonnnj Mar 6, 2024
7169dcf
Use Python and Go versions provided by cisagov/setup-env-github-action
mcdonnnj Nov 11, 2023
95a61f5
Merge pull request #157 from cisagov/improvement/get_more_versions_fr…
mcdonnnj Mar 6, 2024
81735c2
Merge pull request #160 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
4f73489
Merge pull request #163 from cisagov/improvement/add_goimports_hook
mcdonnnj Mar 6, 2024
9020b55
Merge pull request #164 from cisagov/improvement/install_atx_header_s…
mcdonnnj Mar 6, 2024
035cf86
Switch pre-commit hooks for running shellcheck
mcdonnnj Feb 27, 2024
e79569c
Merge pull request #168 from cisagov/improvement/switch_pre-commit_ho…
mcdonnnj Mar 6, 2024
cea8edc
Add checks for semantic python versions
Feb 14, 2024
d5c7c4a
Refactor code for the semantic check
Feb 14, 2024
f7b9d05
Merge branch 'improvement/correct-semantic-python-version-checks' of …
Mar 18, 2024
327ab73
Remove example of correct semantic version
Mar 18, 2024
4dedf50
Refactor the error message for the user
Mar 20, 2024
e84deea
Improve the semantic error message
Mar 20, 2024
5fdc7be
Fix grammar
michaelsaki Mar 20, 2024
42ef8c2
Refactor regex, add link, and improve comments
Mar 21, 2024
a77e5e1
Update link to use semver.org over regex101.com
Mar 21, 2024
5fe14c7
Remove unnecessary period
michaelsaki Mar 21, 2024
b7896a0
Add a meta hook to the pre-commit configuration
mcdonnnj Apr 20, 2024
260566f
Remove `exclude` directive that does not apply to any files
mcdonnnj Apr 20, 2024
5276f55
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Apr 30, 2024
07e2b60
Pin ansible-core when running the ansible-lint linter
jsf9k May 4, 2024
c74e5db
Remove unnecessary line
jsf9k May 4, 2024
2e53e0d
Explain why ansible may need to be added as a dependency for ansible-…
jsf9k May 7, 2024
f51fe62
Update pre-commit hook versions
mcdonnnj May 11, 2024
8e55b8e
Manually update the prettier hook
mcdonnnj Jun 6, 2024
c617bb9
Correct commented-out ansible pin
jsf9k Jun 6, 2024
de92c3c
Merge pull request #183 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Jun 6, 2024
7ddea47
Merge pull request #182 from cisagov/improvement/pin-packages-for-ans…
mcdonnnj Jun 6, 2024
5061e08
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Jun 6, 2024
a68994d
Add a lower-bound pin for flake8-docstrings
jsf9k Jul 1, 2024
43b91c7
Use the hashicorp/setup-packer GitHub Action
mcdonnnj Aug 12, 2024
8ada75d
Remove @jasonodoom as a codeowner
jsf9k Aug 23, 2024
2930208
Pin to a specific version
jsf9k Aug 26, 2024
46e0553
Bump actions/cache from 3 to 4
dependabot[bot] Sep 24, 2024
3167421
Bump crazy-max/ghaction-github-status from 3 to 4
dependabot[bot] Sep 24, 2024
6a58c2c
Update pre-commit hook versions
mcdonnnj Aug 12, 2024
553efcb
Manually update the prettier hook
mcdonnnj Aug 12, 2024
184e749
Merge pull request #170 from cisagov/dependabot/github_actions/crazy-…
mcdonnnj Sep 25, 2024
d99c117
Merge pull request #171 from cisagov/dependabot/github_actions/action…
mcdonnnj Sep 25, 2024
2491ca0
Merge pull request #187 from cisagov/improvement/use_setup_packer_action
mcdonnnj Sep 25, 2024
f6c9537
Merge pull request #176 from cisagov/improvement/correct-semantic-pyt…
mcdonnnj Sep 25, 2024
10e5f6f
Merge pull request #188 from cisagov/remove-odoom-as-a-codeowner
mcdonnnj Sep 25, 2024
045a998
Add a pre-commit hook to run pip-audit
mcdonnnj Jan 18, 2024
28dc4ce
Merge pull request #178 from cisagov/improvement/add_pre-commit_meta_…
mcdonnnj Sep 25, 2024
5801cec
Merge pull request #179 from cisagov/improvement/add_pip-audit_pre-co…
mcdonnnj Sep 25, 2024
e61255c
Merge pull request #184 from cisagov/improvement/pin-flake8-docstrings
mcdonnnj Sep 25, 2024
44cd1be
Merge pull request #185 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Sep 25, 2024
c502f1a
Use the rbubley/mirrors-prettier hook for prettier
mcdonnnj Aug 12, 2024
f0e55b3
Merge pull request #186 from cisagov/improvement/switch_prettier_hook
mcdonnnj Sep 25, 2024
6232826
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Sep 25, 2024
942c0dc
Add a new trigger for the sync-labels GitHub Actions workflow
mcdonnnj Aug 13, 2024
a267662
Remove unnecessary quotes in the sync-labels workflow
mcdonnnj Aug 13, 2024
dc7f09e
Add four new hooks from pre-commit/pre-commit-hooks
mcdonnnj Sep 14, 2024
343d2cc
Add the GitHubSecurityLab/actions-permissions/monitor Action
mcdonnnj Oct 28, 2024
8a77a8b
Restrict permissions of GITHUB_TOKEN
mcdonnnj Oct 28, 2024
3b1d4ef
Update pre-commit hook versions
mcdonnnj Oct 16, 2024
1d285f2
Sort hook ids in each pre-commit hook entry
mcdonnnj Oct 29, 2024
5da1059
Merge pull request #189 from cisagov/improvement/manually_run_sync-la…
mcdonnnj Oct 30, 2024
ff221ba
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
mcdonnnj Oct 30, 2024
971602a
Merge pull request #191 from cisagov/improvement/github_tokenn_polp
mcdonnnj Oct 30, 2024
bdf8a25
Merge pull request #192 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Oct 30, 2024
6959971
Merge pull request #193 from cisagov/improvement/add_more_pre-commit_…
mcdonnnj Oct 30, 2024
f517db7
Merge pull request #194 from cisagov/improvement/ensure_pre-commit_ho…
mcdonnnj Oct 30, 2024
435499e
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Oct 30, 2024
8824475
Update the commented out dependabot ignore directives
mcdonnnj Nov 1, 2024
e6afb68
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
mcdonnnj Nov 1, 2024
de77c88
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Nov 1, 2024
12a91ad
Bump up the lower bound on ansible-core
jsf9k Nov 8, 2024
b9f798d
Update the version of the ansible-lint pre-commit hook
jsf9k Nov 13, 2024
cca133a
Adjust pin for ansible-core
jsf9k Nov 14, 2024
bd85261
Add comments about looming EOL issues for ansible and ansible-core
jsf9k Nov 20, 2024
f7ccd9a
Merge pull request #196 from cisagov/improvement/add-a-lower-bound-pi…
jsf9k Nov 20, 2024
a794735
Merge pull request #197 from cisagov/improvement/upgrade-ansible-lint…
jsf9k Nov 20, 2024
fead1c3
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Nov 20, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,28 @@
# These owners will be the default owners for everything in the
# repo. Unless a later match takes precedence, these owners will be
# requested for review when someone opens a pull request.
<<<<<<< HEAD


* @aloftus23 @cduhn17 @Matthew-Grayson @nickviola @rapidray12 @schmelz21
=======
* @dav3r @felddy @jsf9k @mcdonnnj
>>>>>>> f0e55b3d6fefccf87103354e918b03028abd6f8e

# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
/.github/ @dav3r @felddy @jsf9k @mcdonnnj

# These folks own all linting configuration files.
/.ansible-lint @dav3r @felddy @jsf9k @mcdonnnj
/.bandit.yml @dav3r @felddy @jsf9k @mcdonnnj
/.flake8 @dav3r @felddy @jsf9k @mcdonnnj
/.isort.cfg @dav3r @felddy @jsf9k @mcdonnnj
/.mdl_config.yaml @dav3r @felddy @jsf9k @mcdonnnj
/.pre-commit-config.yaml @dav3r @felddy @jsf9k @mcdonnnj
/.prettierignore @dav3r @felddy @jsf9k @mcdonnnj
/.yamllint @dav3r @felddy @jsf9k @mcdonnnj
/requirements.txt @dav3r @felddy @jsf9k @mcdonnnj
/requirements-dev.txt @dav3r @felddy @jsf9k @mcdonnnj
/requirements-test.txt @dav3r @felddy @jsf9k @mcdonnnj
/setup-env @dav3r @felddy @jsf9k @mcdonnnj
39 changes: 39 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,43 @@
---
<<<<<<< HEAD
=======

# Any ignore directives should be uncommented in downstream projects to disable
# Dependabot updates for the given dependency. Downstream projects will get
# these updates when the pull request(s) in the appropriate skeleton are merged
# and Lineage processes these changes.

updates:
- directory: /
# ignore:
# # Managed by cisagov/skeleton-generic
# - dependency-name: actions/cache
# - dependency-name: actions/checkout
# - dependency-name: actions/setup-go
# - dependency-name: actions/setup-python
# - dependency-name: cisagov/setup-env-github-action
# - dependency-name: crazy-max/ghaction-dump-context
# - dependency-name: crazy-max/ghaction-github-labeler
# - dependency-name: crazy-max/ghaction-github-status
# - dependency-name: GitHubSecurityLab/actions-permissions
# - dependency-name: hashicorp/setup-packer
# - dependency-name: hashicorp/setup-terraform
# - dependency-name: mxschmitt/action-tmate
# - dependency-name: step-security/harden-runner
package-ecosystem: github-actions
schedule:
interval: weekly

- directory: /
package-ecosystem: pip
schedule:
interval: weekly

- directory: /
package-ecosystem: terraform
schedule:
interval: weekly
>>>>>>> f517db7930c879e0b365c3a7795d722894fea581
version: 2
updates:
- package-ecosystem: github-actions
Expand Down
109 changes: 103 additions & 6 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,40 +2,69 @@
name: build

on:
push:
merge_group:
types:
- checks_requested
pull_request:
push:
repository_dispatch:
types: [apb]
types:
- apb

# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
# nounset, errexit, and pipefail. The `-x` will print all commands as they are
# run. Please see the GitHub Actions documentation for more information:
# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
defaults:
run:
shell: bash -Eueo pipefail -x {0}

env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}
TERRAFORM_DOCS_REPO_BRANCH_NAME: improvement/support_atx_closed_markdown_headers
TERRAFORM_DOCS_REPO_DEPTH: 1
TERRAFORM_DOCS_REPO_URL: https://github.com/mcdonnnj/terraform-docs.git

jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
uses: crazy-max/ghaction-github-status@v4
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
lint:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
Expand All @@ -45,28 +74,48 @@ jobs:
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
<<<<<<< HEAD
python-version: '3.11'
=======
python-version: ${{ steps.setup-env.outputs.python-version }}
>>>>>>> e79569c534ec91872ed8fb7733a23b7ca35f8b60
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- id: setup-go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
# There is no expectation for actual Go code so we disable caching as
# it relies on the existence of a go.sum file.
cache: false
<<<<<<< HEAD
go-version: '1.20'
- name: Lookup Go cache directory
id: go-cache
run: echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
=======
go-version: ${{ steps.setup-env.outputs.go-version }}
- id: go-cache
name: Lookup Go cache directory
run: |
echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
<<<<<<< HEAD
>>>>>>> e79569c534ec91872ed8fb7733a23b7ca35f8b60
- uses: actions/cache@v3
=======
- uses: actions/cache@v4
>>>>>>> f0e55b3d6fefccf87103354e918b03028abd6f8e
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-\
go${{ steps.setup-go.outputs.go-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with:
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
Expand All @@ -77,6 +126,7 @@ jobs:
${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
<<<<<<< HEAD
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
Expand All @@ -95,6 +145,53 @@ jobs:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
=======
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- uses: hashicorp/setup-packer@v3
with:
version: ${{ steps.setup-env.outputs.packer-version }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install go-critic
env:
PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install goimports
env:
PACKAGE_URL: golang.org/x/tools/cmd/goimports
PACKAGE_VERSION: ${{ steps.setup-env.outputs.goimports-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install gosec
env:
PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install staticcheck
env:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
# TODO: https://github.com/cisagov/skeleton-generic/issues/165
# We are temporarily using @mcdonnnj's forked branch of terraform-docs
# until his PR: https://github.com/terraform-docs/terraform-docs/pull/745
# is approved. This temporary fix will allow for ATX header support when
# terraform-docs is run during linting.
- name: Clone ATX headers branch from terraform-docs fork
run: |
git clone \
--branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \
--depth $TERRAFORM_DOCS_REPO_DEPTH \
--single-branch \
$TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs
- name: Build and install terraform-docs binary
run: |
go build \
-C /tmp/terraform-docs \
-o $(go env GOPATH)/bin/terraform-docs
>>>>>>> e79569c534ec91872ed8fb7733a23b7ca35f8b60
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
Expand Down
40 changes: 40 additions & 0 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,19 +6,59 @@ on:
paths:
- .github/labels.yml
- .github/workflows/sync-labels.yml
<<<<<<< HEAD
=======
workflow_dispatch:
>>>>>>> f517db7930c879e0b365c3a7795d722894fea581

permissions:
contents: read

jobs:
diagnostics:
name: Run diagnostics
# This job does not need any permissions
permissions: {}
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v4
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
labeler:
needs:
- diagnostics
permissions:
# actions/checkout needs this to fetch code
contents: read
# crazy-max/ghaction-github-labeler needs this to manage repository labels
issues: write
runs-on: ubuntu-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
# Uses the organization variable unless overridden
config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- name: Sync repository labels
if: success()
Expand Down
Loading
Loading