diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 41a26d0..df7b865 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,10 @@
 ---
+# Any ignore directives should be uncommented in downstream projects to disable
+# Dependabot updates for the given dependency. Downstream projects will get
+# these updates when the pull request(s) in the appropriate skeleton are merged
+# and Lineage processes these changes.
+
 version: 2
 updates:
 - package-ecosystem: "docker"
@@ -11,6 +16,18 @@ updates:
 directory: "/"
 schedule:
 interval: "weekly"
+ ignore:
+ - dependency-name: actions/cache
+ - dependency-name: actions/checkout
+ - dependency-name: actions/setup-python
+ # Managed by cisagov/skeleton-docker
+ - dependency-name: actions/download-artifact
+ - dependency-name: actions/github-script
+ - dependency-name: actions/upload-artifact
+ - dependency-name: docker/build-push-action
+ - dependency-name: docker/login-action
+ - dependency-name: docker/setup-buildx-action
+ - dependency-name: docker/setup-qemu-action
 - package-ecosystem: "pip"
 directory: "/"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c01f29a..b539e95 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,12 +4,12 @@ name: build
 on:
 push:
 branches:
- - '**'
+ - "**"
 tags:
- - 'v*.*.*'
+ - "v*.*.*"
 pull_request:
 schedule:
- - cron: '0 10 * * *' # everyday at 10am
+ - cron: "0 10 * * *" # everyday at 10am
 repository_dispatch:
 # Respond to rebuild requests. See: https://github.com/cisagov/action-apb/
 types: [apb]
@@ -18,11 +18,11 @@ on:
 remote-shell:
 description: "Debug with remote shell"
 required: true
- default: false
+ default: "false"
 image-tag:
 description: "Tag to apply to pushed images"
 required: true
- default: dispatch
+ default: "dispatch"
 env:
 BUILDX_CACHE_DIR: ~/.cache/buildx
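Review bot: The new `ignore` block suppresses Dependabot pull requests for ten actions in what is presumably the `github-actions` ecosystem entry (its `package-ecosystem` key sits above this hunk), and as far as I recall Dependabot applies `ignore` conditions from `dependabot.yml` to security updates as well as version updates, so a vulnerable pinned action in this repository would only be remediated once the skeleton merges the bump and Lineage propagates it; please confirm that lag is acceptable given the publish job holds registry credentials. The `# Managed by cisagov/skeleton-docker` comment covers only the seven entries below it, while the first three (`actions/cache`, `actions/checkout`, `actions/setup-python`) carry no attribution, so a reader cannot tell which upstream owns them. I would add a matching comment above them, e.g. `# Managed by cisagov/skeleton-generic` if that is indeed the source, so the provenance of every ignored dependency is explicit.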
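Review bot: `default: "false"` for the `remote-shell` input matches how `workflow_dispatch` inputs are delivered (`github.event.inputs.*` are strings), but it means any step outside this hunk that gates on the input must compare against the string, e.g. `if: github.event.inputs.remote-shell == 'true'`, rather than treating the value as a boolean; please check the consuming step. If a real boolean is wanted, declaring `type: boolean` on the input with `default: false` and reading it through the `inputs` context is the alternative. Since the description says this input opens a remote debugging shell on a runner that can see repository secrets, it is also worth confirming that the consuming step limits the session to the triggering actor.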
@@ -43,16 +43,16 @@ jobs:
 steps:
 - id: setup-env
 uses: cisagov/setup-env-github-action@develop
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - id: setup-python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v3
 with:
- python-version: 3.9
+ python-version: "3.10"
 # We need the Go version and Go cache location for the actions/cache step,
 # so the Go installation must happen before that.
 - uses: actions/setup-go@v2
 with:
- go-version: '1.16'
+ go-version: "1.16"
 - name: Store installed Go version
 id: go-version
 run: |
@@ -62,7 +62,7 @@ jobs:
 id: go-cache
 run: |
 echo "::set-output name=dir::$(go env GOCACHE)"
- - uses: actions/cache@v2
+ - uses: actions/cache@v3
 env:
 BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
 py${{ steps.setup-python.outputs.python-version }}-\
@@ -175,7 +175,7 @@ jobs:
 source_version: ${{ steps.prep.outputs.source_version }}
 tags: ${{ steps.prep.outputs.tags }}
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - name: Gather repository metadata
 id: repo
 uses: actions/github-script@v5
@@ -234,13 +234,13 @@ jobs:
 needs: [prepare]
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v2
 - name: Cache Docker layers
- uses: actions/cache@v2
+ uses: actions/cache@v3
 env:
 BASE_CACHE_KEY: buildx-${{ runner.os }}-
 with:
@@ -252,7 +252,7 @@ jobs:
 run: mkdir -p dist
 - name: Build image
 id: docker_build
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v3
 with:
 build-args: |
 VERSION=${{ needs.prepare.outputs.source_version }}
@@ -290,7 +290,7 @@ jobs:
 - name: Compress image
 run: gzip dist/image.tar
 - name: Upload artifacts
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
 with:
 name: dist
 path: dist
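Review bot: `uses: cisagov/setup-env-github-action@develop` on the context line at the top of this hunk is the one step that still tracks a mutable branch rather than a tag or commit: any push to `develop` in that repository changes what runs in this job, while the surrounding steps are being moved to major-version tags. The action is owned by the same organization, so the trust boundary is the org itself, but later jobs in this workflow carry registry credentials, so I would pin it to a release tag (if one is published) or a full 40-character commit SHA with the version in a trailing comment, e.g. `uses: cisagov/setup-env-github-action@<sha>  # vX.Y.Z`. The job these steps belong to begins above the hunk, so I cannot see whether its `permissions` are restricted.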
@@ -303,13 +303,13 @@ jobs:
 runs-on: ubuntu-latest
 needs: [build]
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - id: setup-python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v3
 with:
 python-version: 3.9
 - name: Cache testing environments
- uses: actions/cache@v2
+ uses: actions/cache@v3
 env:
 BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
 py${{ steps.setup-python.outputs.python-version }}-"
@@ -325,7 +325,7 @@ jobs:
 python -m pip install --upgrade pip
 pip install --upgrade --requirement requirements-test.txt
 - name: Download docker image artifact
- uses: actions/download-artifact@v2
+ uses: actions/download-artifact@v3
 with:
 name: dist
 path: dist
@@ -351,24 +351,24 @@ jobs:
 if: github.event_name != 'pull_request'
 steps:
 - name: Login to Docker Hub
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v2
 - name: Cache Docker layers
- uses: actions/cache@v2
+ uses: actions/cache@v3
 env:
 BASE_CACHE_KEY: buildx-${{ runner.os }}-
 with:
@@ -380,7 +380,7 @@ jobs:
 run: ./buildx-dockerfile.sh
 - name: Build and push platform images to registries
 id: docker_build
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v3
 with:
 build-args: |
 VERSION=${{ needs.prepare.outputs.source_version }}
diff --git a/.mdl_config.yaml b/.mdl_config.yaml
index b36f943..4a650c1 100644
--- a/.mdl_config.yaml
+++ b/.mdl_config.yaml
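Review bot: `python-version: 3.9` in this test job is left as an unquoted YAML float while the job at the top of the workflow switches to the quoted `"3.10"` in this same change; `3.9` happens to survive float parsing, but the next bump to `3.10` here would silently become `3.1`, and the quoting is now inconsistent between jobs. I would write `python-version: "3.9"` so both jobs follow the same convention. Whether this job should also move to 3.10 to match the other one is a separate question I cannot settle from the diff.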
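Review bot: Every action in this publish job is referenced by a mutable major-version tag (`docker/login-action@v2`, `actions/checkout@v3`, and so on), and this is the job that receives `secrets.DOCKER_PASSWORD` and `secrets.GITHUB_TOKEN` and pushes images, so a compromised or retagged release in any of those repositories would run with push access to both registries. The usual hardening is to pin each `uses:` to a full-length commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<40-char sha>  # v2.0.0`, which Dependabot can still keep current; since the `ignore` list added to `dependabot.yml` in this same change routes those bumps through the skeleton, the pins would need to be adopted there to propagate. The job's `permissions` block, if any, is above this hunk, so I cannot confirm that `GITHUB_TOKEN` is limited to `packages: write` for this job.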
@@ -44,7 +44,17 @@ MD035:
 # Enforce dashes for horizontal rules
 style: "---"
-# MD046/code-block-style Code block style
+# MD046/code-block-style - Code block style
 MD046:
 # Enforce the fenced style for code blocks
 style: "fenced"
+
+# MD049/emphasis-style - Emphasis style should be consistent
+MD049:
+ # Enforce asterisks as the style to use for emphasis
+ style: "asterisk"
+
+# MD050/strong-style - Strong style should be consistent
+MD050:
+ # Enforce asterisks as the style to use for strong
+ style: "asterisk"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 09f9cec..a6cc81b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -32,13 +32,13 @@ repos:
 # Text file hooks
 - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.30.0
+ rev: v0.31.1
 hooks:
 - id: markdownlint
 args:
 - --config=.mdl_config.yaml
 - repo: https://github.com/pre-commit/mirrors-prettier
- rev: v2.5.1
+ rev: v2.6.1
 hooks:
 - id: prettier
 - repo: https://github.com/adrienverge/yamllint
@@ -48,9 +48,16 @@ repos:
 args:
 - --strict
+ # GitHub Actions hooks
+ - repo: https://github.com/python-jsonschema/check-jsonschema
+ rev: 0.14.2
+ hooks:
+ - id: check-github-actions
+ - id: check-github-workflows
+
 # pre-commit hooks
 - repo: https://github.com/pre-commit/pre-commit
- rev: v2.16.0
+ rev: v2.17.0
 hooks:
 - id: validate_manifest
@@ -76,7 +83,7 @@ repos:
 # Python hooks
 - repo: https://github.com/PyCQA/bandit
- rev: 1.7.1
+ rev: 1.7.4
 hooks:
 - id: bandit
 name: bandit (tests tree)
@@ -91,7 +98,7 @@ repos:
 name: bandit (everything else)
 exclude: tests
 - repo: https://github.com/psf/black
- rev: 21.12b0
+ rev: 22.3.0
 hooks:
 - id: black
 - repo: https://gitlab.com/pycqa/flake8
@@ -105,31 +112,31 @@ repos:
 hooks:
 - id: isort
 - repo: https://github.com/pre-commit/mirrors-mypy
- rev: v0.931
+ rev: v0.942
 hooks:
 - id: mypy
 - repo: https://github.com/asottile/pyupgrade
- rev: v2.31.0
+ rev: v2.31.1
 hooks:
 - id: pyupgrade
 # Ansible hooks
 - repo: https://github.com/ansible-community/ansible-lint
- rev: v5.3.2
+ rev: v5.4.0
 hooks:
 - id: ansible-lint
 # files: molecule/default/playbook.yml
 # Terraform hooks
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.62.3
+ rev: v1.64.0
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
 # Docker hooks
 - repo: https://github.com/IamTheFij/docker-pre-commit
- rev: v2.0.1
+ rev: v2.1.0
 hooks:
 - id: docker-compose-check
diff --git a/.yamllint b/.yamllint
index 7ed00eb..76a1cce 100644
--- a/.yamllint
+++ b/.yamllint
@@ -2,6 +2,12 @@
 extends: default
 rules:
+ # yamllint does not like it when you comment out different parts of
+ # dictionaries in a list. You can see
+ # https://github.com/adrienverge/yamllint/issues/384 for some examples of
+ # this behavior.
+ comments-indentation: disable
+
 # yamllint doesn't like when we use yes and no for true and false,
 # but that's pretty standard in Ansible.
 truthy: disable
diff --git a/README.md b/README.md
index 436b02e..298a55b 100644
--- a/README.md
+++ b/README.md
@@ -51,13 +51,13 @@ Consider using a `docker-compose.yml` file to run Certboto.
 #### Issue a new certificate ####
 ```console
-docker-compose run certboto certonly -d lemmy.imotorhead.com
+docker compose run certboto certonly -d lemmy.imotorhead.com
 ```
 #### Renew an existing certificate ####
 ```console
-docker-compose run certboto
+docker compose run certboto
 ```
 #### Additional `certbot` commands ####
@@ -65,7 +65,7 @@ docker-compose run certboto
 The `certbot` help can be displayed without synchronizing with a bucket.
 ```console
-docker-compose run certboto --help
+docker compose run certboto --help
 ```
 More complicated `certbot` commands may be impossible to escape correctly. The
@@ -75,7 +75,7 @@ directly to `certbot`. Once the shell exits cleanly, the container will be
 synchronized back to the bucket.
 ```console
-docker-compose run certboto --shell
+docker compose run certboto --shell
 ```
 #### Disabling Route53 challenges ####
@@ -84,7 +84,7 @@ To disable usage of the Route53 DNS plugin pass `--no-dns-route53` as the first
 argument. This is useful if you need to use other types of challenges.
 ```console
-docker-compose run certboto --no-dns-route53 --manual certonly -d lemmy.imotorhead.com
+docker compose run certboto --no-dns-route53 --manual certonly -d lemmy.imotorhead.com
 ```
 ## Using secrets with your container ##
@@ -156,14 +156,14 @@ want set:
 1. Pull the new image from Docker Hub:
 ```console
- docker-compose pull
+ docker compose pull
 ```
 1. Recreate the running container by following the
 [previous instructions](#running-with-docker-compose):
 ```console
- docker-compose run certboto
+ docker compose run certboto
 ```
 ## Image tags ##
diff --git a/docker-compose.yml b/docker-compose.yml
index c1fbd34..ca0ab41 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 ---
 version: "3.7"
-# This docker-compose file is used to build and test the container
+# This Docker composition file is used to build and test the container
 secrets:
 credentials:
diff --git a/tests/container_test.py b/tests/container_test.py
index db5b25f..e19b720 100644
--- a/tests/container_test.py
+++ b/tests/container_test.py
@@ -8,8 +8,6 @@
 # Third-Party Libraries
 import pytest
-ENV_VAR = "ECHO_MESSAGE"
-ENV_VAR_VAL = "Hello World from docker-compose!"
 READY_MESSAGE = "Syncing certbot configs"
 TOKEN_ERROR_MESSAGE = "The security token included in the request is invalid" # nosec
 RELEASE_TAG = os.getenv("RELEASE_TAG")