Merge pull request #53 from cisagov/lineage/skeleton

⚠️ CONFLICT! Lineage pull request for: skeleton

.github/dependabot.yml

@@ -1,5 +1,10 @@
 ---
 
+# Any ignore directives should be uncommented in downstream projects to disable
+# Dependabot updates for the given dependency. Downstream projects will get
+# these updates when the pull request(s) in the appropriate skeleton are merged
+# and Lineage processes these changes.
+
 version: 2
 updates:
   - package-ecosystem: "docker"
@@ -11,6 +16,18 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    ignore:
+      - dependency-name: actions/cache
+      - dependency-name: actions/checkout
+      - dependency-name: actions/setup-python
+      # Managed by cisagov/skeleton-docker
+      - dependency-name: actions/download-artifact
+      - dependency-name: actions/github-script
+      - dependency-name: actions/upload-artifact
+      - dependency-name: docker/build-push-action
+      - dependency-name: docker/login-action
+      - dependency-name: docker/setup-buildx-action
+      - dependency-name: docker/setup-qemu-action
 
   - package-ecosystem: "pip"
     directory: "/"

.github/workflows/build.yml

@@ -4,12 +4,12 @@ name: build
 on:
   push:
     branches:
-      - '**'
+      - "**"
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
   pull_request:
   schedule:
-    - cron: '0 10 * * *'  # everyday at 10am
+    - cron: "0 10 * * *"  # everyday at 10am
   repository_dispatch:
     # Respond to rebuild requests. See: https://github.com/cisagov/action-apb/
     types: [apb]
@@ -18,11 +18,11 @@ on:
       remote-shell:
         description: "Debug with remote shell"
         required: true
-        default: false
+        default: "false"
       image-tag:
         description: "Tag to apply to pushed images"
         required: true
-        default: dispatch
+        default: "dispatch"
 
 env:
   BUILDX_CACHE_DIR: ~/.cache/buildx
@@ -43,16 +43,16 @@ jobs:
     steps:
       - id: setup-env
         uses: cisagov/setup-env-github-action@develop
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
-          python-version: 3.9
+          python-version: "3.10"
       # We need the Go version and Go cache location for the actions/cache step,
       # so the Go installation must happen before that.
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.16'
+          go-version: "1.16"
       - name: Store installed Go version
         id: go-version
         run: |
@@ -62,7 +62,7 @@ jobs:
         id: go-cache
         run: |
           echo "::set-output name=dir::$(go env GOCACHE)"
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ steps.setup-python.outputs.python-version }}-\
@@ -175,7 +175,7 @@ jobs:
       source_version: ${{ steps.prep.outputs.source_version }}
       tags: ${{ steps.prep.outputs.tags }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Gather repository metadata
         id: repo
         uses: actions/github-script@v5
@@ -234,13 +234,13 @@ jobs:
     needs: [prepare]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           BASE_CACHE_KEY: buildx-${{ runner.os }}-
         with:
@@ -252,7 +252,7 @@ jobs:
         run: mkdir -p dist
       - name: Build image
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           build-args: |
             VERSION=${{ needs.prepare.outputs.source_version }}
@@ -290,7 +290,7 @@ jobs:
       - name: Compress image
         run: gzip dist/image.tar
       - name: Upload artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: dist
           path: dist
@@ -303,13 +303,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
           python-version: 3.9
       - name: Cache testing environments
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ steps.setup-python.outputs.python-version }}-"
@@ -325,7 +325,7 @@ jobs:
           python -m pip install --upgrade pip
           pip install --upgrade --requirement requirements-test.txt
       - name: Download docker image artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           name: dist
           path: dist
@@ -351,24 +351,24 @@ jobs:
     if: github.event_name != 'pull_request'
     steps:
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           BASE_CACHE_KEY: buildx-${{ runner.os }}-
         with:
@@ -380,7 +380,7 @@ jobs:
         run: ./buildx-dockerfile.sh
       - name: Build and push platform images to registries
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           build-args: |
             VERSION=${{ needs.prepare.outputs.source_version }}

.mdl_config.yaml

@@ -44,7 +44,17 @@ MD035:
   # Enforce dashes for horizontal rules
   style: "---"
 
-# MD046/code-block-style Code block style
+# MD046/code-block-style - Code block style
 MD046:
   # Enforce the fenced style for code blocks
   style: "fenced"
+
+# MD049/emphasis-style - Emphasis style should be consistent
+MD049:
+  # Enforce asterisks as the style to use for emphasis
+  style: "asterisk"
+
+# MD050/strong-style - Strong style should be consistent
+MD050:
+  # Enforce asterisks as the style to use for strong
+  style: "asterisk"

.pre-commit-config.yaml

@@ -32,13 +32,13 @@ repos:
 
   # Text file hooks
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.30.0
+    rev: v0.31.1
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v2.5.1
+    rev: v2.6.1
     hooks:
       - id: prettier
   - repo: https://github.com/adrienverge/yamllint
@@ -48,9 +48,16 @@ repos:
         args:
           - --strict
 
+  # GitHub Actions hooks
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.14.2
+    hooks:
+      - id: check-github-actions
+      - id: check-github-workflows
+
   # pre-commit hooks
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v2.16.0
+    rev: v2.17.0
     hooks:
       - id: validate_manifest
 
@@ -76,7 +83,7 @@ repos:
 
   # Python hooks
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.1
+    rev: 1.7.4
     hooks:
       - id: bandit
         name: bandit (tests tree)
@@ -91,7 +98,7 @@ repos:
         name: bandit (everything else)
         exclude: tests
   - repo: https://github.com/psf/black
-    rev: 21.12b0
+    rev: 22.3.0
     hooks:
       - id: black
   - repo: https://gitlab.com/pycqa/flake8
@@ -105,31 +112,31 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.931
+    rev: v0.942
     hooks:
       - id: mypy
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.31.0
+    rev: v2.31.1
     hooks:
       - id: pyupgrade
 
   # Ansible hooks
   - repo: https://github.com/ansible-community/ansible-lint
-    rev: v5.3.2
+    rev: v5.4.0
     hooks:
       - id: ansible-lint
       # files: molecule/default/playbook.yml
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.3
+    rev: v1.64.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
 
   # Docker hooks
   - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.0.1
+    rev: v2.1.0
     hooks:
       - id: docker-compose-check
 

.yamllint

@@ -2,6 +2,12 @@
 extends: default
 
 rules:
+  # yamllint does not like it when you comment out different parts of
+  # dictionaries in a list. You can see
+  # https://github.com/adrienverge/yamllint/issues/384 for some examples of
+  # this behavior.
+  comments-indentation: disable
+
   # yamllint doesn't like when we use yes and no for true and false,
   # but that's pretty standard in Ansible.
   truthy: disable

README.md

@@ -51,21 +51,21 @@ Consider using a `docker-compose.yml` file to run Certboto.
 #### Issue a new certificate ####
 
 ```console
-docker-compose run certboto certonly -d lemmy.imotorhead.com
+docker compose run certboto certonly -d lemmy.imotorhead.com
 ```
 
 #### Renew an existing certificate ####
 
 ```console
-docker-compose run certboto
+docker compose run certboto
 ```
 
 #### Additional `certbot` commands ####
 
 The `certbot` help can be displayed without synchronizing with a bucket.
 
 ```console
-docker-compose run certboto --help
+docker compose run certboto --help
 ```
 
 More complicated `certbot` commands may be impossible to escape correctly. The
@@ -75,7 +75,7 @@ directly to `certbot`.  Once the shell exits cleanly, the container will be
 synchronized back to the bucket.
 
 ```console
-docker-compose run certboto --shell
+docker compose run certboto --shell
 ```
 
 #### Disabling Route53 challenges ####
@@ -84,7 +84,7 @@ To disable usage of the Route53 DNS plugin pass `--no-dns-route53` as the first
 argument.  This is useful if you need to use other types of challenges.
 
 ```console
-docker-compose run certboto --no-dns-route53 --manual certonly -d lemmy.imotorhead.com
+docker compose run certboto --no-dns-route53 --manual certonly -d lemmy.imotorhead.com
 ```
 
 ## Using secrets with your container ##
@@ -156,14 +156,14 @@ want set:
 1. Pull the new image from Docker Hub:
 
     ```console
-    docker-compose pull
+    docker compose pull
     ```
 
 1. Recreate the running container by following the
 [previous instructions](#running-with-docker-compose):
 
     ```console
-    docker-compose run certboto
+    docker compose run certboto
     ```
 
 ## Image tags ##

docker-compose.yml

@@ -1,7 +1,7 @@
 ---
 version: "3.7"
 
-# This docker-compose file is used to build and test the container
+# This Docker composition file is used to build and test the container
 
 secrets:
   credentials:

tests/container_test.py

@@ -8,8 +8,6 @@
 # Third-Party Libraries
 import pytest
 
-ENV_VAR = "ECHO_MESSAGE"
-ENV_VAR_VAL = "Hello World from docker-compose!"
 READY_MESSAGE = "Syncing certbot configs"
 TOKEN_ERROR_MESSAGE = "The security token included in the request is invalid"  # nosec
 RELEASE_TAG = os.getenv("RELEASE_TAG")