Skip to content

Commit

Permalink
Merge remote-tracking branch 'skeleton-python-library/develop' into l…
Browse files Browse the repository at this point in the history
…ineage/skeleton
  • Loading branch information
jsf9k committed Dec 21, 2023
2 parents 1f20dbb + 31075ef commit 3acfc31
Show file tree
Hide file tree
Showing 7 changed files with 135 additions and 29 deletions.
2 changes: 1 addition & 1 deletion .bandit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# This config is applied to bandit when scanning the "tests" tree

# Tests are first included by `tests`, and then excluded by `skips`.
# If `tests` is empty, all tests are are considered included.
# If `tests` is empty, all tests are considered included.

tests:
# - B101
Expand Down
29 changes: 18 additions & 11 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,30 +5,37 @@
# these updates when the pull request(s) in the appropriate skeleton are merged
# and Lineage processes these changes.

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- directory: /
ignore:
# Managed by cisagov/skeleton-generic
- dependency-name: actions/cache
- dependency-name: actions/checkout
- dependency-name: actions/setup-go
- dependency-name: actions/setup-python
- dependency-name: crazy-max/ghaction-dump-context
- dependency-name: crazy-max/ghaction-github-labeler
- dependency-name: crazy-max/ghaction-github-status
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
- dependency-name: step-security/harden-runner
# Managed by cisagov/skeleton-python-library
- dependency-name: actions/download-artifact
- dependency-name: actions/upload-artifact
- dependency-name: github/codeql-action/analyze
- dependency-name: github/codeql-action/autobuild
- dependency-name: github/codeql-action/init
package-ecosystem: github-actions
schedule:
interval: weekly

- package-ecosystem: "pip"
directory: "/"
- directory: /
package-ecosystem: pip
schedule:
interval: "weekly"
interval: weekly

- package-ecosystem: "terraform"
directory: "/"
- directory: /
package-ecosystem: terraform
schedule:
interval: "weekly"
interval: weekly
version: 2
77 changes: 72 additions & 5 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,36 @@ env:
RUN_TMATE: ${{ secrets.RUN_TMATE }}

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
lint:
needs:
- diagnostics
runs-on: ubuntu-latest
steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -84,11 +108,26 @@ jobs:
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install go-critic
env:
PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install gosec
env:
PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install staticcheck
env:
PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
Expand All @@ -107,6 +146,8 @@ jobs:
if: env.RUN_TMATE
test:
name: test source - py${{ matrix.python-version }}
needs:
- diagnostics
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand All @@ -119,8 +160,14 @@ jobs:
- "3.9"
- "3.10"
# - "3.11"
# - "3.12"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -162,9 +209,15 @@ jobs:
coveralls-finish:
runs-on: ubuntu-latest
needs:
- diagnostics
- test
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -198,6 +251,7 @@ jobs:
build:
name: build wheel - py${{ matrix.python-version }}
needs:
- diagnostics
- lint
- test
runs-on: ${{ matrix.os }}
Expand All @@ -212,8 +266,14 @@ jobs:
- "3.9"
- "3.10"
# - "3.11"
# - "3.12"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down Expand Up @@ -249,6 +309,7 @@ jobs:
test-build:
name: test built wheel - py${{ matrix.python-version }}
needs:
- diagnostics
- build
runs-on: ${{ matrix.os }}
strategy:
Expand All @@ -262,8 +323,14 @@ jobs:
- "3.9"
- "3.10"
# - "3.11"
# - "3.12"
steps:
- uses: actions/checkout@v3
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- uses: actions/checkout@v4
- id: setup-python
uses: actions/setup-python@v4
with:
Expand Down
29 changes: 27 additions & 2 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"
name: CodeQL

on:
push:
Expand All @@ -20,8 +20,27 @@ on:
- cron: '0 14 * * 6'

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
analyze:
name: Analyze
needs:
- diagnostics
runs-on: ubuntu-latest
permissions:
# required for all workflows
Expand All @@ -37,8 +56,14 @@ jobs:
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Sync repository labels
if: success()
uses: crazy-max/ghaction-github-labeler@v4
uses: crazy-max/ghaction-github-labeler@v5
with:
# This is a hideous ternary equivalent so we only do a dry run unless
# this workflow is triggered by the develop branch.
Expand Down
22 changes: 14 additions & 8 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,13 +31,13 @@ repos:

# Text file hooks
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.34.0
rev: v0.36.0
hooks:
- id: markdownlint
args:
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.0.0-alpha.9-for-vscode
rev: v3.0.3
hooks:
- id: prettier
- repo: https://github.com/adrienverge/yamllint
Expand All @@ -49,7 +49,7 @@ repos:

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.23.1
rev: 0.26.3
hooks:
- id: check-github-actions
- id: check-github-workflows
Expand Down Expand Up @@ -82,6 +82,12 @@ repos:
# GoSec
- id: go-sec-repo-mod

# Nix hooks
- repo: https://github.com/nix-community/nixpkgs-fmt
rev: v1.3.0
hooks:
- id: nixpkgs-fmt

# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
Expand Down Expand Up @@ -116,15 +122,15 @@ repos:
- importlib-metadata<5
# Run bandit on everything except the "tests" tree
- repo: https://github.com/PyCQA/bandit
rev: 1.7.4
rev: 1.7.5
hooks:
- id: bandit
name: bandit (everything else)
exclude: tests
additional_dependencies:
- importlib-metadata<5
- repo: https://github.com/psf/black
rev: 23.3.0
- repo: https://github.com/psf/black-pre-commit-mirror
rev: 23.9.1
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
Expand All @@ -144,7 +150,7 @@ repos:
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.3.0
rev: v1.5.1
hooks:
- id: mypy
additional_dependencies:
Expand Down Expand Up @@ -184,7 +190,7 @@ repos:

# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.80.0
rev: v1.83.2
hooks:
- id: terraform_fmt
- id: terraform_validate
Expand Down
1 change: 1 addition & 0 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ def get_version(version_file):
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
# "Programming Language :: Python :: 3.11",
# "Programming Language :: Python :: 3.12",
"Programming Language :: Python :: Implementation :: CPython",
],
python_requires=">=3.7",
Expand Down

0 comments on commit 3acfc31

Please sign in to comment.