Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Commit

Permalink
Merge pull request #273 from cisagov/lineage/skeleton
Browse files Browse the repository at this point in the history
⚠️ CONFLICT! Lineage pull request for: skeleton
  • Loading branch information
itsmostafa authored Apr 28, 2023
2 parents ac926ee + a153ea8 commit 6115ab7
Show file tree
Hide file tree
Showing 85 changed files with 461 additions and 339 deletions.
5 changes: 5 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,13 @@ updates:
schedule:
interval: "weekly"
ignore:
# Managed by cisagov/skeleton-generic
- dependency-name: actions/cache
- dependency-name: actions/checkout
- dependency-name: actions/setup-go
- dependency-name: actions/setup-python
- dependency-name: hashicorp/setup-terraform
- dependency-name: mxschmitt/action-tmate
# Managed by cisagov/skeleton-docker
- dependency-name: actions/download-artifact
- dependency-name: actions/github-script
Expand All @@ -27,6 +31,7 @@ updates:
- dependency-name: docker/login-action
- dependency-name: docker/setup-buildx-action
- dependency-name: docker/setup-qemu-action
- dependency-name: github/codeql-action

- package-ecosystem: "pip"
directory: "/"
Expand Down
73 changes: 73 additions & 0 deletions .github/labels.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
---
# Rather than breaking up descriptions into multiline strings we disable that
# specific rule in yamllint for this file.
# yamllint disable rule:line-length
- color: "eb6420"
description: This issue or pull request is awaiting the outcome of another issue or pull request
name: blocked
- color: "000000"
description: This issue or pull request involves changes to existing functionality
name: breaking change
- color: "d73a4a"
description: This issue or pull request addresses broken functionality
name: bug
- color: "07648d"
description: This issue will be advertised on code.gov's Open Tasks page (https://code.gov/open-tasks)
name: code.gov
- color: "0366d6"
description: Pull requests that update a dependency file
name: dependencies
- color: "2497ed"
description: Pull requests that update Docker code
name: docker
- color: "5319e7"
description: This issue or pull request improves or adds to documentation
name: documentation
- color: "cfd3d7"
description: This issue or pull request already exists or is covered in another issue or pull request
name: duplicate
- color: "b005bc"
description: A high-level objective issue encompassing multiple issues instead of a specific unit of work
name: epic
- color: "000000"
description: Pull requests that update GitHub Actions code
name: github-actions
- color: "0e8a16"
description: This issue or pull request is well-defined and good for newcomers
name: good first issue
- color: "ff7518"
description: Pull request that should count toward Hacktoberfest participation
name: hacktoberfest-accepted
- color: "a2eeef"
description: This issue or pull request will add or improve functionality, maintainability, or ease of use
name: improvement
- color: "fef2c0"
description: This issue or pull request is not applicable, incorrect, or obsolete
name: invalid
- color: "ce099a"
description: This pull request is ready to merge during the next Lineage Kraken release
name: kraken 🐙
- color: "a4fc5d"
description: This issue or pull request requires further information
name: need info
- color: "fcdb45"
description: This pull request is awaiting an action or decision to move forward
name: on hold
- color: "ef476c"
description: This issue is a request for information or needs discussion
name: question
- color: "d73a4a"
description: This issue or pull request addresses a security issue
name: security
- color: "00008b"
description: This issue or pull request adds or otherwise modifies test code
name: test
- color: "1d76db"
description: This issue or pull request pulls in upstream updates
name: upstream update
- color: "d4c5f9"
description: This issue or pull request increments the version number
name: version bump
- color: "ffffff"
description: This issue will not be incorporated
name: wontfix
38 changes: 19 additions & 19 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,28 +58,24 @@ jobs:
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
uses: actions/setup-python@v4
with:
python-version: "3.10"
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- uses: actions/setup-go@v2
- id: setup-go
uses: actions/setup-go@v3
with:
go-version: "1.16"
- name: Store installed Go version
id: go-version
run: |
echo "::set-output name=version::"\
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
go-version: "1.19"
- name: Lookup Go cache directory
id: go-cache
run: |
echo "::set-output name=dir::$(go env GOCACHE)"
echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-\
go${{ steps.go-version.outputs.version }}-\
go${{ steps.setup-go.outputs.go-version }}-\
packer${{ steps.setup-env.outputs.packer-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with:
Expand Down Expand Up @@ -119,7 +115,7 @@ jobs:
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-terraform@v1
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install shfmt
Expand Down Expand Up @@ -195,7 +191,7 @@ jobs:
- uses: actions/checkout@v3
- name: Gather repository metadata
id: repo
uses: actions/github-script@v5
uses: actions/github-script@v6
with:
script: |
const repo = await github.rest.repos.get(context.repo)
Expand Down Expand Up @@ -236,9 +232,9 @@ jobs:
do
TAGS="${TAGS},ghcr.io/${i}"
done
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=source_version::$(./bump_version.sh show)
echo ::set-output name=tags::${TAGS}
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "source_version=$(./bump_version.sh show)" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo tags=${TAGS}
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
Expand Down Expand Up @@ -269,7 +265,7 @@ jobs:
run: mkdir -p dist
- name: Build image
id: docker_build
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
build-args: |
VERSION=${{ needs.prepare.outputs.source_version }}
Expand Down Expand Up @@ -322,9 +318,9 @@ jobs:
steps:
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
uses: actions/setup-python@v4
with:
python-version: 3.9
python-version: "3.10"
- name: Cache testing environments
uses: actions/cache@v3
env:
Expand Down Expand Up @@ -370,6 +366,10 @@ jobs:
runs-on: ubuntu-latest
needs: [lint, prepare, test]
if: github.event_name != 'pull_request'
# When Dependabot creates a PR it requires this permission in
# order to push Docker images to ghcr.io.
permissions:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
Expand Down Expand Up @@ -401,7 +401,7 @@ jobs:
run: ./buildx-dockerfile.sh
- name: Build and push platform images to registries
id: docker_build
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
build-args: |
VERSION=${{ needs.prepare.outputs.source_version }}
Expand Down
42 changes: 20 additions & 22 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
---

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
Expand All @@ -11,59 +10,58 @@ on:
push:
# Dependabot triggered push events have read-only access, but uploading code
# scanning requires write access.
branches-ignore: [dependabot/**]
branches-ignore:
- dependabot/**
pull_request:
# The branches below must be a subset of the branches above
branches: [develop]
branches:
- develop
schedule:
- cron: '0 21 * * 6'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

permissions:
# required for all workflows
security-events: write
strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript',
# 'python']
language: ['python']
# Supported options are go, javascript, csharp, python, cpp, and java
language:
- python
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a
# config file. By default, queries listed here will override any
# specified in a config file. Prefix the list here with "+" to use
# these queries and those in the config file. queries:
# ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or
# Autobuild attempts to build any compiled languages (C/C++, C#, or
# Java). If this step fails, then you should remove it and run the build
# manually (see below)
# manually (see below).
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following
# three lines and modify them (or add more) to build your code if your
# project uses a compiled language
# three lines and modify them (or add more) to build your code if your
# project uses a compiled language

# - run: |
# make bootstrap
# make release
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
29 changes: 29 additions & 0 deletions .github/workflows/sync-labels.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
name: sync-labels

on:
push:
paths:
- '.github/labels.yml'
- '.github/workflows/sync-labels.yml'

permissions:
contents: read

jobs:
labeler:
permissions:
# actions/checkout needs this to fetch code
contents: read
# crazy-max/ghaction-github-labeler needs this to manage repository labels
issues: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sync repository labels
if: success()
uses: crazy-max/ghaction-github-labeler@v4
with:
# This is a hideous ternary equivalent so we only do a dry run unless
# this workflow is triggered by the develop branch.
dry-run: ${{ github.ref_name == 'develop' && 'false' || 'true' }}
8 changes: 0 additions & 8 deletions .lgtm.yml

This file was deleted.

Loading

0 comments on commit 6115ab7

Please sign in to comment.