From 4cb9a4b5863abc317de4daa8fa72487ac930c3d0 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 10 Jul 2023 12:52:36 -0400 Subject: [PATCH 01/38] Add steps to setup go packages for pre-commit --- .github/workflows/build.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c992e8e..f07c640 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -33,6 +33,22 @@ jobs: # it relies on the existence of a go.sum file. cache: false go-version: "1.20" + - id: setup-go-critic + run: go install -v github.com/go-critic/go-critic/cmd/gocritic@latest + - id: setup staticheck + uses: actions/checkout@v2 + with: + fetch-depth: 1 + - name: Run staticcheck + uses: dominikh/staticcheck-action@v1.3.0 + with: + version: "2022.1.3" + - id: setup-go-sec + uses: actions/checkout@v3 + env: + GO111MODULE: on + - name: Run Gosec Security Scanner + uses: securego/gosec@master - name: Lookup Go cache directory id: go-cache run: | From 53f56b01103783ba2d71c7ad64dc5c4c390c8388 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 10 Jul 2023 18:01:24 -0400 Subject: [PATCH 02/38] Update action/checkout to use same version --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f07c640..4731169 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,7 +36,7 @@ jobs: - id: setup-go-critic run: go install -v github.com/go-critic/go-critic/cmd/gocritic@latest - id: setup staticheck - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 1 - name: Run staticcheck From f2610994eacc942a8b4a3771c0c0d8d69fb286c1 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 10 Jul 2023 18:17:46 -0400 Subject: [PATCH 03/38] Set specific gocritic version --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4731169..cfbc847 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,7 +34,7 @@ jobs: cache: false go-version: "1.20" - id: setup-go-critic - run: go install -v github.com/go-critic/go-critic/cmd/gocritic@latest + run: go install -v github.com/go-critic/go-critic/cmd/gocritic@0.8.1 - id: setup staticheck uses: actions/checkout@v3 with: From 097b573a1eba564d2aeb260f676f01776ff10aba Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 10 Jul 2023 19:34:48 -0400 Subject: [PATCH 04/38] Update build workflow with package installtion --- .github/workflows/build.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cfbc847..3cab3fb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -33,22 +33,6 @@ jobs: # it relies on the existence of a go.sum file. cache: false go-version: "1.20" - - id: setup-go-critic - run: go install -v github.com/go-critic/go-critic/cmd/gocritic@0.8.1 - - id: setup staticheck - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - name: Run staticcheck - uses: dominikh/staticcheck-action@v1.3.0 - with: - version: "2022.1.3" - - id: setup-go-sec - uses: actions/checkout@v3 - env: - GO111MODULE: on - - name: Run Gosec Security Scanner - uses: securego/gosec@master - name: Lookup Go cache directory id: go-cache run: | @@ -80,6 +64,16 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} + - name: Install GoCritic + env: + PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic + PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install GoSec + env: + PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec + PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Packer env: PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }} @@ -101,6 +95,11 @@ jobs: PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install Staticcheck + env: + PACKAGE_URL: dominikh/staticcheck-action + PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Terraform-docs env: PACKAGE_URL: github.com/terraform-docs/terraform-docs From 254282a5f9c5c55c2e95459f929e41a1d85e9ae2 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Tue, 11 Jul 2023 15:06:07 -0400 Subject: [PATCH 05/38] Group go tools together with comment --- .github/workflows/build.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3cab3fb..a3c90ea 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,6 +64,7 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} + # Install GoCrtitic, GoSec and Staticcheck Go tools - name: Install GoCritic env: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic @@ -74,6 +75,11 @@ jobs: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install Staticcheck + env: + PACKAGE_URL: dominikh/staticcheck-action + PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Packer env: PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }} @@ -95,11 +101,6 @@ jobs: PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install Staticcheck - env: - PACKAGE_URL: dominikh/staticcheck-action - PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Terraform-docs env: PACKAGE_URL: github.com/terraform-docs/terraform-docs From ecf329956ac7e2428e2226e2ac0c9c3c0cea94bf Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Tue, 11 Jul 2023 16:38:13 -0400 Subject: [PATCH 06/38] Update staticcheck id Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a3c90ea..f54946c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -78,7 +78,7 @@ jobs: - name: Install Staticcheck env: PACKAGE_URL: dominikh/staticcheck-action - PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} + PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Packer env: From 1eaedf57d23227522f0f302e6055ded6eb888a7a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Tue, 11 Jul 2023 16:40:06 -0400 Subject: [PATCH 07/38] Update tool names to match author stylization Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f54946c..db696ad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,8 +64,8 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} - # Install GoCrtitic, GoSec and Staticcheck Go tools - - name: Install GoCritic + # Install go-critic, GoSec and staticcheck Go tools + - name: Install go-critic env: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} From fd04757b3339ed91a085e3028b2b88f9bf60e080 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Tue, 11 Jul 2023 16:42:09 -0400 Subject: [PATCH 08/38] Update statcicheck stylization Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index db696ad..fee1ebe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -75,7 +75,7 @@ jobs: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install Staticcheck + - name: Install staticcheck env: PACKAGE_URL: dominikh/staticcheck-action PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} From ddbf6f7f6c7cb928ce9bc22f1ae3b1796f0602e7 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 12 Jul 2023 09:09:32 -0400 Subject: [PATCH 09/38] Temporarily use a different branch of cisagov/setup-env-github-action This is being done for testing purposes, and this commit can be reverted (or removed) once cisagov/setup-env-github-action#65 is merged. --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fee1ebe..b7c0910 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - id: setup-env - uses: cisagov/setup-env-github-action@develop + uses: cisagov/setup-env-github-action@add-go-actions-for-go-skeleton - uses: actions/checkout@v3 - id: setup-python uses: actions/setup-python@v4 @@ -64,18 +64,18 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} - # Install go-critic, GoSec and staticcheck Go tools + # Install go-critic, GoSec and staticcheck Go tools - name: Install go-critic env: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install GoSec + - name: Install GoSec env: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install staticcheck + - name: Install staticcheck env: PACKAGE_URL: dominikh/staticcheck-action PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} From a8af336b975def35f947694d61828ab633d8bc6d Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 12 Jul 2023 10:11:28 -0400 Subject: [PATCH 10/38] Move go packages install to separate section --- .github/workflows/build.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7c0910..4f0b8cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,22 +64,6 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache run: mkdir -p ${{ env.CURL_CACHE_DIR }} - # Install go-critic, GoSec and staticcheck Go tools - - name: Install go-critic - env: - PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic - PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install GoSec - env: - PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec - PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install staticcheck - env: - PACKAGE_URL: dominikh/staticcheck-action - PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Packer env: PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }} @@ -96,6 +80,22 @@ jobs: - uses: hashicorp/setup-terraform@v2 with: terraform_version: ${{ steps.setup-env.outputs.terraform-version }} + # Begin Go packages install below + - name: Install GoCritic + env: + PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic + PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install GoSec + env: + PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec + PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install Staticcheck + env: + PACKAGE_URL: dominikh/staticcheck-action + PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install shfmt env: PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt From 1675b127e5ba645e36726d3f1858a974e7612998 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 12 Jul 2023 16:52:32 -0400 Subject: [PATCH 11/38] Update go-critic name Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4f0b8cd..faafd2f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -81,7 +81,7 @@ jobs: with: terraform_version: ${{ steps.setup-env.outputs.terraform-version }} # Begin Go packages install below - - name: Install GoCritic + - name: Install go-critic env: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} From c6ab22ea25d5608ab794542c96139bd5d65dac47 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 12 Jul 2023 16:52:50 -0400 Subject: [PATCH 12/38] Update staticcheck name Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index faafd2f..a799374 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -91,7 +91,7 @@ jobs: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install Staticcheck + - name: Install staticcheck env: PACKAGE_URL: dominikh/staticcheck-action PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} From 29de03457f4ec4092d0dd98465d18a83a2193719 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 13 Jul 2023 10:05:20 -0400 Subject: [PATCH 13/38] Use the correct repo name for the ansible-lint pre-commit hook The repo name we were using redirects to the correct place, but we may as well cut out the middle man. --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6b87032..9dc41ff 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -130,7 +130,7 @@ repos: - id: pyupgrade # Ansible hooks - - repo: https://github.com/ansible-community/ansible-lint + - repo: https://github.com/ansible/ansible-lint rev: v6.17.0 hooks: - id: ansible-lint From 1e7cb4f721542b260680ee51d4cd75126da0a979 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 12 Jul 2023 16:53:34 -0400 Subject: [PATCH 14/38] Correct staticcheck reference to setup-env, sort alphabetically and correct staticcheck package URL Co-Authored By: @mcdonnnj --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a799374..7435881 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -91,16 +91,16 @@ jobs: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install staticcheck - env: - PACKAGE_URL: dominikh/staticcheck-action - PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-staticcheck-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install shfmt env: PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install staticcheck + env: + PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck + PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install Terraform-docs env: PACKAGE_URL: github.com/terraform-docs/terraform-docs From 5f3bc132490dcdfcc7431133ed38c293eeeffaf5 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Thu, 13 Jul 2023 11:03:03 -0400 Subject: [PATCH 15/38] Remove Go section coment Co-authored-by: Shane Frasier --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7435881..00c5cdf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -80,7 +80,6 @@ jobs: - uses: hashicorp/setup-terraform@v2 with: terraform_version: ${{ steps.setup-env.outputs.terraform-version }} - # Begin Go packages install below - name: Install go-critic env: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic From d31182550a11db54cff212171bb9cc0dac8bb636 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 13 Jul 2023 22:30:33 -0400 Subject: [PATCH 16/38] Remove unnecessary quotes in the dependabot configuration We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. --- .github/dependabot.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fef57f5..60f04c0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,10 +7,10 @@ version: 2 updates: - - package-ecosystem: "github-actions" - directory: "/" + - package-ecosystem: github-actions + directory: / schedule: - interval: "weekly" + interval: weekly # ignore: # # Managed by cisagov/skeleton-generic # - dependency-name: actions/cache @@ -20,12 +20,12 @@ updates: # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate - - package-ecosystem: "pip" - directory: "/" + - package-ecosystem: pip + directory: / schedule: - interval: "weekly" + interval: weekly - - package-ecosystem: "terraform" - directory: "/" + - package-ecosystem: terraform + directory: / schedule: - interval: "weekly" + interval: weekly From 2294d4970596551c7c2c794b869d186dcda49921 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 13 Jul 2023 22:41:38 -0400 Subject: [PATCH 17/38] Sort the keys in the Dependabot configuration Our standard practice for YAML files is to sort keys alphabetically. --- .github/dependabot.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 60f04c0..da2c02c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,12 +5,8 @@ # these updates when the pull request(s) in the appropriate skeleton are merged # and Lineage processes these changes. -version: 2 updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: weekly + - directory: / # ignore: # # Managed by cisagov/skeleton-generic # - dependency-name: actions/cache @@ -19,13 +15,17 @@ updates: # - dependency-name: actions/setup-python # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate + package-ecosystem: github-actions + schedule: + interval: weekly - - package-ecosystem: pip - directory: / + - directory: / + package-ecosystem: pip schedule: interval: weekly - - package-ecosystem: terraform - directory: / + - directory: / + package-ecosystem: terraform schedule: interval: weekly +version: 2 From e678502adb77650dbd722134c469f20b5b46d32d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 18 Jul 2023 15:06:13 -0400 Subject: [PATCH 18/38] Delete duplicate word "are" Co-authored-by: David Harris --- .bandit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bandit.yml b/.bandit.yml index 8ba42d1..ab3cb21 100644 --- a/.bandit.yml +++ b/.bandit.yml @@ -3,7 +3,7 @@ # https://bandit.readthedocs.io/en/latest/config.html # Tests are first included by `tests`, and then excluded by `skips`. -# If `tests` is empty, all tests are are considered included. +# If `tests` is empty, all tests are considered included. tests: # - B101 From 948ebdeee11f77759311f85d256f19b5c4d7204d Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 16 Aug 2023 10:20:21 -0400 Subject: [PATCH 19/38] Fix gosec stylization Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 00c5cdf..ec15b7d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -85,7 +85,7 @@ jobs: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install GoSec + - name: Install gosec env: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} From 98d3d3f6914b4601cf9d194ed7d750224a4fb401 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 22 Aug 2023 10:18:25 -0400 Subject: [PATCH 20/38] Revert "Temporarily use a different branch of cisagov/setup-env-github-action" This reverts commit ddbf6f7f6c7cb928ce9bc22f1ae3b1796f0602e7. This can be done now that cisagov/setup-env-github-action#65 has been merged. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ec15b7d..34c3c6c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - id: setup-env - uses: cisagov/setup-env-github-action@add-go-actions-for-go-skeleton + uses: cisagov/setup-env-github-action@develop - uses: actions/checkout@v3 - id: setup-python uses: actions/setup-python@v4 From 82db36a453deda26c99ee231879486b9e2d9ac1a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 28 Aug 2023 11:06:36 -0400 Subject: [PATCH 21/38] Add nixfmt pre-commit hook --- .pre-commit-config.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6b87032..e7262f6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -79,6 +79,12 @@ repos: # GoSec - id: go-sec-repo-mod + # Nix hooks + - repo: https://github.com/nix-community/nixpkgs-fmt + rev: v1.3.0 + hooks: + - id: nixpkgs-fmt + # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2 From c0b5d5bb6cb644bf85171a8f5c89dfc3c770662f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 18:19:17 +0000 Subject: [PATCH 22/38] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/sync-labels.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c992e8e..3b38f76 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,7 +19,7 @@ jobs: steps: - id: setup-env uses: cisagov/setup-env-github-action@develop - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - id: setup-python uses: actions/setup-python@v4 with: diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index ae7c091..b6f2024 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -19,7 +19,7 @@ jobs: issues: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Sync repository labels if: success() uses: crazy-max/ghaction-github-labeler@v4 From b04654e922ec4eef978022b67374a2ab3cffab4c Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 11 Sep 2023 01:57:49 -0400 Subject: [PATCH 23/38] Bump crazy-max/ghaction-github-labeler from 4 to 5 --- .github/workflows/sync-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index ae7c091..1c107e4 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@v3 - name: Sync repository labels if: success() - uses: crazy-max/ghaction-github-labeler@v4 + uses: crazy-max/ghaction-github-labeler@v5 with: # This is a hideous ternary equivalent so we only do a dry run unless # this workflow is triggered by the develop branch. From 49ac8c505181e79caefc12cfc2f8e906c1e88ab2 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 11 Sep 2023 01:59:09 -0400 Subject: [PATCH 24/38] Update the dependabot ignore configuration Add crazy-max/ghaction-github-labeler as a commented out dependency to ignore in the dependabot configuration file. This should be enabled in downstream projects to consolidate updating this Action to the cisagov/skeleton-generic repository. --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fef57f5..e1f2f34 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,6 +17,7 @@ updates: # - dependency-name: actions/checkout # - dependency-name: actions/setup-go # - dependency-name: actions/setup-python + # - dependency-name: crazy-max/ghaction-github-labeler # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate From 94d753d10d8106be1e4634bac6a27c0fbfb51c40 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 3 Aug 2023 19:10:29 -0400 Subject: [PATCH 25/38] Update pre-commit hook versions This is done automatically with the `pre-commit autoupdate` command. --- .pre-commit-config.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c5b7035..dad86ae 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,13 +31,13 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.34.0 + rev: v0.36.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.9-for-vscode + rev: v3.0.3 hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint @@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.23.1 + rev: 0.26.3 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.3.2 + rev: v3.4.0 hooks: - id: validate_manifest @@ -113,11 +113,11 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.9.1 hooks: - id: black - repo: https://github.com/PyCQA/flake8 - rev: 6.0.0 + rev: 6.1.0 hooks: - id: flake8 additional_dependencies: @@ -127,24 +127,24 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.3.0 + rev: v1.5.1 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.4.0 + rev: v3.10.1 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible/ansible-lint - rev: v6.17.0 + rev: v6.19.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.80.0 + rev: v1.83.2 hooks: - id: terraform_fmt - id: terraform_validate From 1bc2056836e544c813d944150932075bb7251e33 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 11 Sep 2023 17:50:36 -0400 Subject: [PATCH 26/38] Switch to the pre-commit mirror for black This mirror was created to leverage performance optimizations from mypyc wheels that are available if black is installed from PyPI. These wheels are not available if black is installed from source as it would be using the old URL. Please see psf/black#3828 and psf/black#3405 for more information. --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dad86ae..34f0253 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -112,7 +112,7 @@ repos: - id: bandit args: - --config=.bandit.yml - - repo: https://github.com/psf/black + - repo: https://github.com/psf/black-pre-commit-mirror rev: 23.9.1 hooks: - id: black From a62ebe79e749b4e66b1f2122b3f866fd6ab8c23e Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 29 Aug 2023 17:10:03 -0400 Subject: [PATCH 27/38] Add the crazy-max/ghaction-github-status GitHub action This action is added in a separate "diagnostics" job. As configured it will never fail, but it will print out the status of the various GitHub components. This information will sometimes be useful when determining why builds fail after the fact. Co-authored-by: Mark Feldhousen Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/dependabot.yml | 1 + .github/workflows/build.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9ab2270..2fdd39d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,7 @@ updates: # - dependency-name: actions/setup-go # - dependency-name: actions/setup-python # - dependency-name: crazy-max/ghaction-github-labeler + # - dependency-name: crazy-max/ghaction-github-status # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate package-ecosystem: github-actions diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c08880f..9382c48 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,6 +14,12 @@ env: RUN_TMATE: ${{ secrets.RUN_TMATE }} jobs: + diagnostics: + runs-on: ubuntu-latest + steps: + - id: github-status + name: Check GitHub status + uses: crazy-max/ghaction-github-status@v3 lint: runs-on: ubuntu-latest steps: From 3619c455e6bb559ed74f7f320026badcaa603ad9 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 09:48:01 -0400 Subject: [PATCH 28/38] Make the lint job depend on the diagnostics job Even though the diagnostics job is not currently configured to fail due to the GitHub status, it is still true that if the job is unable to run that does not bode well for the lint job's successful execution. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9382c48..1049da9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,6 +21,8 @@ jobs: name: Check GitHub status uses: crazy-max/ghaction-github-status@v3 lint: + needs: + - diagnostics runs-on: ubuntu-latest steps: - id: setup-env From f4370660795e7d97f3e5ef0d582ed5754b2c267f Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 10:35:45 -0400 Subject: [PATCH 29/38] Add a GH Action to dump the context This can be useful when debugging why a GH Action failed. Co-authored-by: felddy --- .github/dependabot.yml | 1 + .github/workflows/build.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2fdd39d..dbb9b73 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,6 +13,7 @@ updates: # - dependency-name: actions/checkout # - dependency-name: actions/setup-go # - dependency-name: actions/setup-python + # - dependency-name: crazy-max/ghaction-dump-context # - dependency-name: crazy-max/ghaction-github-labeler # - dependency-name: crazy-max/ghaction-github-status # - dependency-name: hashicorp/setup-terraform diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1049da9..346fd81 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,6 +20,9 @@ jobs: - id: github-status name: Check GitHub status uses: crazy-max/ghaction-github-status@v3 + - id: dump-context + name: Dump context + uses: crazy-max/ghaction-dump-context@v2 lint: needs: - diagnostics From c5e56a21c70e033b2093355b630dd172f85614f2 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 10:36:31 -0400 Subject: [PATCH 30/38] Give the diagnostics job a descriptive name --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 346fd81..53c76f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,6 +15,7 @@ env: jobs: diagnostics: + name: Run diagnostics runs-on: ubuntu-latest steps: - id: github-status From 9afb516c20153c850088cfcc8318d7df3e68da92 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 10:47:40 -0400 Subject: [PATCH 31/38] Add the step-security/harden-runner GH Action This GH Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc. Co-authored-by: felddy --- .github/dependabot.yml | 1 + .github/workflows/build.yml | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index dbb9b73..17220c6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -18,6 +18,7 @@ updates: # - dependency-name: crazy-max/ghaction-github-status # - dependency-name: hashicorp/setup-terraform # - dependency-name: mxschmitt/action-tmate + # - dependency-name: step-security/harden-runner package-ecosystem: github-actions schedule: interval: weekly diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 53c76f7..2fda8f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,6 +18,11 @@ jobs: name: Run diagnostics runs-on: ubuntu-latest steps: + - id: harden-runner + name: Harden the runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit - id: github-status name: Check GitHub status uses: crazy-max/ghaction-github-status@v3 From 9dc773cae76fcb144a8fde5b26118e915dea1a03 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 12:44:35 -0400 Subject: [PATCH 32/38] Add a harden-runner task to the lint job as well This task can only provide coverage for the job that contains it. --- .github/workflows/build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2fda8f7..3fbeff2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,6 +34,11 @@ jobs: - diagnostics runs-on: ubuntu-latest steps: + - id: harden-runner + name: Harden the runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit - id: setup-env uses: cisagov/setup-env-github-action@develop - uses: actions/checkout@v4 From bb81ec3a0418359c28fc495524959f9f897557b8 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 30 Aug 2023 15:15:16 -0400 Subject: [PATCH 33/38] Add a reminder We need a reminder add the step-security/harden-runner action at the top of every job. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3fbeff2..e7b75a4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,6 +18,8 @@ jobs: name: Run diagnostics runs-on: ubuntu-latest steps: + # Note that a duplicate of this step must be added at the top of + # each job. - id: harden-runner name: Harden the runner uses: step-security/harden-runner@v2 From 03d5a4b7b877828f77c5d93b2b80dca1e4ec95d0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Nov 2023 07:11:01 -0500 Subject: [PATCH 34/38] Update hashicorp/aws requirement from ~> 3.38 to ~> 4.9 Updates the requirements on [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) to use the minimum version we are ready to support. - [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.9.0) - [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/release/4.x/CHANGELOG.md#490-april-07-2022) - [Commits](hashicorp/terraform-provider-aws@v3.38.0...v4.9.0) Note: I based this commit on the one from the old dependabot PR. --- README.md | 4 ++-- versions.tf | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c579f12..f3a98b6 100644 --- a/README.md +++ b/README.md @@ -35,13 +35,13 @@ module "example" { | Name | Version | |------|---------| | terraform | ~> 1.0 | -| aws | ~> 3.38 | +| aws | ~> 4.9 | ## Providers ## | Name | Version | |------|---------| -| aws | ~> 3.38 | +| aws | ~> 4.9 | ## Modules ## diff --git a/versions.tf b/versions.tf index 3919fa5..80277d5 100644 --- a/versions.tf +++ b/versions.tf @@ -6,12 +6,18 @@ terraform { # major version currently being used. This practice will help us # avoid unwelcome surprises. required_providers { - # Version 3.38.0 of the Terraform AWS provider is the first - # version to support default tags. - # https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider + # Version 4.9 of the Terraform AWS provider made changes to the S3 bucket + # refactor that is in place for versions 4.0-4.8 of the provider. With v4.9 + # only non-breaking changes and deprecation notices are introduced. Using + # this version will simplify migration to the new, broken out AWS S3 bucket + # configuration resources. Please see + # https://github.com/hashicorp/terraform-provider-aws/pull/23985 + # for more information about the changes in v4.9 and + # https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource + # for more information about the S3 bucket refactor. aws = { source = "hashicorp/aws" - version = "~> 3.38" + version = "~> 4.9" } } } From 503d37838d10c6d4a18e0332bab488722dbac683 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Nov 2023 07:19:46 -0500 Subject: [PATCH 35/38] Use a consistent AWS provider version constraint Update the example configuration to use the same version constraint as is used in the module. --- examples/basic_usage/README.md | 4 ++-- examples/basic_usage/versions.tf | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/examples/basic_usage/README.md b/examples/basic_usage/README.md index 29f1e43..d36960e 100644 --- a/examples/basic_usage/README.md +++ b/examples/basic_usage/README.md @@ -13,13 +13,13 @@ Note that this example may create resources which cost money. Run | Name | Version | |------|---------| | terraform | ~> 1.0 | -| aws | ~> 3.38 | +| aws | ~> 4.9 | ## Providers ## | Name | Version | |------|---------| -| aws | ~> 3.38 | +| aws | ~> 4.9 | ## Modules ## diff --git a/examples/basic_usage/versions.tf b/examples/basic_usage/versions.tf index 3919fa5..80277d5 100644 --- a/examples/basic_usage/versions.tf +++ b/examples/basic_usage/versions.tf @@ -6,12 +6,18 @@ terraform { # major version currently being used. This practice will help us # avoid unwelcome surprises. required_providers { - # Version 3.38.0 of the Terraform AWS provider is the first - # version to support default tags. - # https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider + # Version 4.9 of the Terraform AWS provider made changes to the S3 bucket + # refactor that is in place for versions 4.0-4.8 of the provider. With v4.9 + # only non-breaking changes and deprecation notices are introduced. Using + # this version will simplify migration to the new, broken out AWS S3 bucket + # configuration resources. Please see + # https://github.com/hashicorp/terraform-provider-aws/pull/23985 + # for more information about the changes in v4.9 and + # https://www.hashicorp.com/blog/terraform-aws-provider-4-0-refactors-s3-bucket-resource + # for more information about the S3 bucket refactor. aws = { source = "hashicorp/aws" - version = "~> 3.38" + version = "~> 4.9" } } } From c2b4c6cb739d22655c30363519e80bc71716605b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 13 Nov 2023 06:08:32 -0500 Subject: [PATCH 36/38] Add a configuration file for terraform-docs Adds a configuration file for terraform-docs and injection markers to the README to help ensure consistent population of documentation. This is not a comprehensive solution because I have found no way to configure terraform-docs to use the ATX closed header style for Markdown. It will at least ensure that except for intervention to fix the header format we have a consistent documentation style. --- .terraform-docs.yml | 13 +++++++++++++ README.md | 2 ++ 2 files changed, 15 insertions(+) create mode 100644 .terraform-docs.yml diff --git a/.terraform-docs.yml b/.terraform-docs.yml new file mode 100644 index 0000000..7069923 --- /dev/null +++ b/.terraform-docs.yml @@ -0,0 +1,13 @@ +--- +formatter: markdown table +output: + file: README.md + mode: inject + template: |- + + {{ .Content }} + +settings: + anchor: false + html: false + lockfile: false diff --git a/README.md b/README.md index c579f12..413693f 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ module "example" { - [Basic usage](https://github.com/cisagov/skeleton-tf-module/tree/develop/examples/basic_usage) + ## Requirements ## | Name | Version | @@ -73,6 +74,7 @@ No modules. | id | The EC2 instance ID. | | private\_ip | The private IP of the EC2 instance. | | subnet\_id | The ID of the subnet where the EC2 instance is deployed. | + ## Notes ## From 1c77ac977ad454db0ddb2100e30d0b2a26b03ab9 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 13 Sep 2023 15:45:30 -0400 Subject: [PATCH 37/38] Correctly alphabetize YAML keys Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/dependabot.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8281167..016a75c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -29,18 +29,18 @@ updates: interval: weekly - directory: / - package-ecosystem: terraform - schedule: - interval: weekly # # Managed by cisagov/skeleton-tf-module # ignore: # - dependency-name: hashicorp/aws - - - package-ecosystem: terraform - directory: /examples/basic_usage + package-ecosystem: terraform schedule: interval: weekly + + - directory: /examples/basic_usage # # Managed by cisagov/skeleton-tf-module # ignore: # - dependency-name: hashicorp/aws + package-ecosystem: terraform + schedule: + interval: weekly version: 2 From ea9e90b0f854c87fdf62841b84ffa90101e8fd57 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 14 Sep 2023 09:36:06 -0400 Subject: [PATCH 38/38] Move attribution comment to just before first dependency to which it applies Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 016a75c..aa70e2e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -29,16 +29,16 @@ updates: interval: weekly - directory: / - # # Managed by cisagov/skeleton-tf-module # ignore: + # # Managed by cisagov/skeleton-tf-module # - dependency-name: hashicorp/aws package-ecosystem: terraform schedule: interval: weekly - directory: /examples/basic_usage - # # Managed by cisagov/skeleton-tf-module # ignore: + # # Managed by cisagov/skeleton-tf-module # - dependency-name: hashicorp/aws package-ecosystem: terraform schedule: