From 18b5d12c784dad59c461af36922cc2082f1dcffd Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 19 Dec 2019 15:32:36 -0500 Subject: [PATCH 01/29] Add seed-isort-config and isort to pre-commit hooks. Add isort configuration file. --- .isort.cfg | 12 ++++++++++++ .pre-commit-config.yaml | 10 ++++++++++ 2 files changed, 22 insertions(+) create mode 100644 .isort.cfg diff --git a/.isort.cfg b/.isort.cfg new file mode 100644 index 00000000..5216e476 --- /dev/null +++ b/.isort.cfg @@ -0,0 +1,12 @@ +[settings] +combine_star=true +force_sort_within_sections=true + +import_heading_stdlib=Standard Python Libraries +import_heading_thirdparty=Third-Party Libraries +import_heading_firstparty=cisagov Libraries + +# Should be auto-populated by seed-isort-config hook +known_third_party= +# These must be manually set to correctly separate them from third party libraries +known_first_party= diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 27477d37..c8fc88ac 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -60,6 +60,16 @@ repos: rev: 19.10b0 hooks: - id: black + - repo: https://github.com/asottile/seed-isort-config + rev: v1.9.3 + hooks: + - id: seed-isort-config + - repo: https://github.com/pre-commit/mirrors-isort + # pick the isort version you'd like to use from + # https://github.com/pre-commit/mirrors-isort/releases + rev: v4.3.21 + hooks: + - id: isort - repo: https://github.com/ansible/ansible-lint.git rev: v4.1.1a5 hooks: From 2fa4cbe194ac05ff89e377ad91adfa3fc7eddb6f Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 24 Jan 2020 16:45:48 -0500 Subject: [PATCH 02/29] Make workflow run when a PR is opened, synchronized, or reopened A user forked cisagov/scan-target-data and created a pull request, but the required GitHub Action(s) did not run. This is presumably because the user does not have Actions enabled in his or her fork. Ideally, the required Action(s) would run in cisagov/scan-target-data when a PR to merge changes back is created. Based on my reading of this link, adding the "pull_request" event type should make this happen: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/events-that-trigger-workflows#pull-request-events-for-forked-repositories --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d12843d7..c9cc05bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,7 @@ --- name: build -on: [push] +on: [push, pull_request] jobs: build: From dbd589d2e27b517726fec167987058b3d687992f Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 24 Jan 2020 17:10:49 -0500 Subject: [PATCH 03/29] Improve list formatting --- .github/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c9cc05bc..e6c14e6a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,10 @@ --- name: build -on: [push, pull_request] +on: [ + push, + pull_request +] jobs: build: From deb186c98b5539654402c2c252bc3d55d2190aeb Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 27 Jan 2020 11:14:04 -0500 Subject: [PATCH 04/29] Add changes made by isort pre-commit hook --- .isort.cfg | 2 +- tests/conftest.py | 2 +- tests/container_test.py | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.isort.cfg b/.isort.cfg index 5216e476..3b2f6828 100644 --- a/.isort.cfg +++ b/.isort.cfg @@ -7,6 +7,6 @@ import_heading_thirdparty=Third-Party Libraries import_heading_firstparty=cisagov Libraries # Should be auto-populated by seed-isort-config hook -known_third_party= +known_third_party=pytest # These must be manually set to correctly separate them from third party libraries known_first_party= diff --git a/tests/conftest.py b/tests/conftest.py index d62dff68..28d6c427 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -2,9 +2,9 @@ https://docs.pytest.org/en/latest/writing_plugins.html#conftest-py-plugins """ +# Third-Party Libraries import pytest - MAIN_SERVICE_NAME = "example" VERSION_SERVICE_NAME = f"{MAIN_SERVICE_NAME}-version" diff --git a/tests/container_test.py b/tests/container_test.py index 524d1d37..90ea1a32 100644 --- a/tests/container_test.py +++ b/tests/container_test.py @@ -1,9 +1,11 @@ #!/usr/bin/env pytest -vs """Tests for example container.""" +# Standard Python Libraries import os import time +# Third-Party Libraries import pytest ENV_VAR = "ECHO_MESSAGE" From 532751627a347637814e8a7f626dad487a1b6053 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 10 Feb 2020 10:39:07 -0500 Subject: [PATCH 05/29] Backported changes to CONTRIBUTING.md from the development guide. --- CONTRIBUTING.md | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 93addc28..eb00ca9a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,10 +56,31 @@ eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" ``` -For Linux (or on the Mac, if you don't want to use `brew`) you can use +For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you +don't want to use `brew`) you can use [pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to -install the necessary tools. When you are finished you will need to -add the same two lines above to your profile. +install the necessary tools. Before running this ensure that you have +installed the prerequisites for your platform according to the +[`pyenv` wiki +page](https://github.com/pyenv/pyenv/wiki/common-build-problems). + +On WSL you should treat your platform as whatever Linux distribution +you've chosen to install. + +Once you have installed `pyenv` you will need to add the following +lines to your `.bashrc`: + +```bash +export PATH="$PATH:$HOME/.pyenv/bin" +eval "$(pyenv init -)" +eval "$(pyenv virtualenv-init -)" +``` + +If you are using a shell other than `bash` you should follow the +instructions that the `pyenv-installer` script outputs. + +You will need to reload your shell for these changes to take effect so +you can begin to use `pyenv`. For a list of Python versions that are already installed and ready to use with `pyenv`, use the command `pyenv versions`. To see a list of From f7a4166ad67d961324bc44130e092eb1ddebd320 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 11 Feb 2020 10:41:17 -0500 Subject: [PATCH 06/29] Update Python version used to 3.8 Update actions/checkout to v2 Update formatting to match downstream children --- .github/workflows/build.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e6c14e6a..4953f7cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,20 +10,16 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - - name: Set up Python 3.7 - uses: actions/setup-python@v1 + - uses: actions/checkout@v2 + - uses: actions/setup-python@v1 with: - python-version: 3.7 - + python-version: 3.8 - name: Cache pre-commit hooks uses: actions/cache@v1 with: path: ~/.cache/pre-commit key: "${{ runner.os }}-pre-commit-\ ${{ hashFiles('**/.pre-commit-config.yaml') }}" - - name: Cache pip test requirements uses: actions/cache@v1 with: @@ -33,11 +29,9 @@ jobs: restore-keys: | ${{ runner.os }}-pip-test- ${{ runner.os }}-pip- - - name: Install dependencies run: | python -m pip install --upgrade pip pip install --upgrade -r requirements-test.txt - - name: Run pre-commit on all files run: pre-commit run --all-files From b857939b3d0c5393b8b5528a6bb9bce2ff0f736f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 12 Feb 2020 00:01:16 -0500 Subject: [PATCH 07/29] Run pre-commit autoupdate. --- .pre-commit-config.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c8fc88ac..78566582 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,7 +5,7 @@ default_language_version: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.4.0 + rev: v2.5.0 hooks: - id: check-executables-have-shebangs - id: check-json @@ -27,13 +27,13 @@ repos: - id: requirements-txt-fixer - id: trailing-whitespace - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.19.0 + rev: v0.22.0 hooks: - id: markdownlint args: - --config=.mdl_config.json - repo: https://github.com/adrienverge/yamllint - rev: v1.18.0 + rev: v1.20.0 hooks: - id: yamllint - repo: https://github.com/detailyang/pre-commit-shell @@ -47,7 +47,7 @@ repos: additional_dependencies: - flake8-docstrings - repo: https://github.com/asottile/pyupgrade - rev: v1.25.1 + rev: v1.26.2 hooks: - id: pyupgrade - repo: https://github.com/PyCQA/bandit @@ -61,7 +61,7 @@ repos: hooks: - id: black - repo: https://github.com/asottile/seed-isort-config - rev: v1.9.3 + rev: v1.9.4 hooks: - id: seed-isort-config - repo: https://github.com/pre-commit/mirrors-isort @@ -71,7 +71,7 @@ repos: hooks: - id: isort - repo: https://github.com/ansible/ansible-lint.git - rev: v4.1.1a5 + rev: v4.2.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml @@ -81,7 +81,7 @@ repos: - id: terraform_fmt - id: terraform_validate_no_variables - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v1.0.0 + rev: v1.0.1 hooks: - id: docker-compose-check - repo: https://github.com/prettier/prettier From d99fd00bc2e5c4a0afeb2d6717dac7fe77f64d33 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 12 Feb 2020 00:14:11 -0500 Subject: [PATCH 08/29] Flip cache order to mirror how it is done downstream. --- .github/workflows/build.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4953f7cf..76801a8d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,12 +14,6 @@ jobs: - uses: actions/setup-python@v1 with: python-version: 3.8 - - name: Cache pre-commit hooks - uses: actions/cache@v1 - with: - path: ~/.cache/pre-commit - key: "${{ runner.os }}-pre-commit-\ - ${{ hashFiles('**/.pre-commit-config.yaml') }}" - name: Cache pip test requirements uses: actions/cache@v1 with: @@ -29,6 +23,12 @@ jobs: restore-keys: | ${{ runner.os }}-pip-test- ${{ runner.os }}-pip- + - name: Cache pre-commit hooks + uses: actions/cache@v1 + with: + path: ~/.cache/pre-commit + key: "${{ runner.os }}-pre-commit-\ + ${{ hashFiles('**/.pre-commit-config.yaml') }}" - name: Install dependencies run: | python -m pip install --upgrade pip From bf7f97bd480df8dfc0e7de063173cd4ccc9e8827 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 12 Feb 2020 16:36:17 -0500 Subject: [PATCH 09/29] Add missing space in .bandit.yml --- .bandit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bandit.yml b/.bandit.yml index 5ae161dc..2b618f68 100644 --- a/.bandit.yml +++ b/.bandit.yml @@ -10,4 +10,4 @@ tests: # - B102 skips: - - B101 # skip "assert used" check since assertions are required in pytests + - B101 # skip "assert used" check since assertions are required in pytests From e96577bce4b3b6aefa044943e478301a7d11288f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 18 Feb 2020 18:04:06 -0500 Subject: [PATCH 10/29] All references to '-r' for pip calls have been replaced with the more verbose '--requirement'. --- .github/workflows/build.yml | 2 +- CONTRIBUTING.md | 2 +- requirements-dev.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 76801a8d..aff7e7ae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,6 +32,6 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install --upgrade -r requirements-test.txt + pip install --upgrade --requirement requirements-test.txt - name: Run pre-commit on all files run: pre-commit run --all-files diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index eb00ca9a..dacaaadf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -102,7 +102,7 @@ commands: cd skeleton-generic pyenv virtualenv skeleton-generic pyenv local skeleton-generic -pip install -r requirements-dev.txt +pip install --requirement requirements-dev.txt ``` #### Installing the pre-commit hook #### diff --git a/requirements-dev.txt b/requirements-dev.txt index f122cc5e..d84ee680 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,2 +1,2 @@ --r requirements-test.txt +--requirement requirements-test.txt ipython From 067ee0850c154845b7de623988c5a1bd5ce67d3a Mon Sep 17 00:00:00 2001 From: Felddy Date: Thu, 20 Feb 2020 17:29:09 -0500 Subject: [PATCH 11/29] Autoupdate pre-commit hooks. Add mypy. --- .pre-commit-config.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 78566582..46cea9e7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -47,7 +47,7 @@ repos: additional_dependencies: - flake8-docstrings - repo: https://github.com/asottile/pyupgrade - rev: v1.26.2 + rev: v2.0.0 hooks: - id: pyupgrade - repo: https://github.com/PyCQA/bandit @@ -74,7 +74,7 @@ repos: rev: v4.2.0 hooks: - id: ansible-lint - # files: molecule/default/playbook.yml + # files: molecule/default/playbook.yml - repo: https://github.com/antonbabenko/pre-commit-terraform.git rev: v1.12.0 hooks: @@ -88,3 +88,7 @@ repos: rev: 1.19.1 hooks: - id: prettier + - repo: https://github.com/pre-commit/mirrors-mypy + rev: v0.761 + hooks: + - id: mypy From bf366086f48d9b7a7e49b9f44f33b44f6a23aeb3 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 2 Mar 2020 08:11:32 -0500 Subject: [PATCH 12/29] Add .mypy_cache to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 073a081e..95b74cd9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +.mypy_cache __pycache__ .python-version From 454864bc029ce968cbeb8f9f5b88ad1c54522335 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 3 Mar 2020 16:49:53 -0500 Subject: [PATCH 13/29] Incorporate the Python version into keys for pip and pre-commit caches. This should resolve the issue seen when the Python version changes before there is an update to .pre-commit-config.yml which results in pre-commit pointing to a non-existent Python installation. --- .github/workflows/build.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index aff7e7ae..a92cd836 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,20 +14,25 @@ jobs: - uses: actions/setup-python@v1 with: python-version: 3.8 + - name: Store installed Python version + run: | + echo "::set-env name=PY_VERSION::"\ + "$(python -c "import platform;print(platform.python_version())")" - name: Cache pip test requirements uses: actions/cache@v1 with: path: ~/.cache/pip - key: "${{ runner.os }}-pip-test-\ + key: "${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-\ ${{ hashFiles('**/requirements-test.txt') }}" restore-keys: | + ${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}- ${{ runner.os }}-pip-test- ${{ runner.os }}-pip- - name: Cache pre-commit hooks uses: actions/cache@v1 with: path: ~/.cache/pre-commit - key: "${{ runner.os }}-pre-commit-\ + key: "${{ runner.os }}-pre-commit-py${{ env.PY_VERSION }}-\ ${{ hashFiles('**/.pre-commit-config.yaml') }}" - name: Install dependencies run: | From 478f1688a108dd0f6e634c5f03c7ba6cb816e3f2 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 4 Mar 2020 08:41:59 -0500 Subject: [PATCH 14/29] Change the cache paths from hardcoded values in their appropriate blocks to environment variables declared before the job block. --- .github/workflows/build.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a92cd836..298e93c7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,10 @@ on: [ pull_request ] +env: + PIP_CACHE_DIR: ~/.cache/pip + PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit + jobs: build: runs-on: ubuntu-latest @@ -21,7 +25,7 @@ jobs: - name: Cache pip test requirements uses: actions/cache@v1 with: - path: ~/.cache/pip + path: ${{ env.PIP_CACHE_DIR }} key: "${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-\ ${{ hashFiles('**/requirements-test.txt') }}" restore-keys: | @@ -31,7 +35,7 @@ jobs: - name: Cache pre-commit hooks uses: actions/cache@v1 with: - path: ~/.cache/pre-commit + path: ${{ env.PRE_COMMIT_CACHE_DIR }} key: "${{ runner.os }}-pre-commit-py${{ env.PY_VERSION }}-\ ${{ hashFiles('**/.pre-commit-config.yaml') }}" - name: Install dependencies From d7913343523e9841e1d295a5203e2043f055064b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 4 Mar 2020 10:56:39 -0500 Subject: [PATCH 15/29] Add a rule for markdownlint to allow multiple headers with the same name as long as they are not nested in the same heading group. --- .mdl_config.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.mdl_config.json b/.mdl_config.json index 492955ad..7a6f3f8e 100644 --- a/.mdl_config.json +++ b/.mdl_config.json @@ -3,5 +3,8 @@ "code_blocks": false, "tables": false }, + "MD024": { + "allow_different_nesting": true + }, "default": true } From 61790a9bbd22cede3cd41d94115d0e8ad8ba51d1 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 31 Mar 2020 14:41:10 -0400 Subject: [PATCH 16/29] Fixed broken hook id for pre-commit-terraform: terraform_validate_no_variables was changed to terraform_validate in the following commit: https://github.com/antonbabenko/pre-commit-terraform/commit/35e0356188b64a4c5af9a4e7200d936e514cba71. Ran pre-commit autoupdate. --- .pre-commit-config.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 46cea9e7..42b824fb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -33,7 +33,7 @@ repos: args: - --config=.mdl_config.json - repo: https://github.com/adrienverge/yamllint - rev: v1.20.0 + rev: v1.21.0 hooks: - id: yamllint - repo: https://github.com/detailyang/pre-commit-shell @@ -47,7 +47,7 @@ repos: additional_dependencies: - flake8-docstrings - repo: https://github.com/asottile/pyupgrade - rev: v2.0.0 + rev: v2.1.0 hooks: - id: pyupgrade - repo: https://github.com/PyCQA/bandit @@ -61,7 +61,7 @@ repos: hooks: - id: black - repo: https://github.com/asottile/seed-isort-config - rev: v1.9.4 + rev: v2.1.0 hooks: - id: seed-isort-config - repo: https://github.com/pre-commit/mirrors-isort @@ -76,19 +76,19 @@ repos: - id: ansible-lint # files: molecule/default/playbook.yml - repo: https://github.com/antonbabenko/pre-commit-terraform.git - rev: v1.12.0 + rev: v1.27.0 hooks: - id: terraform_fmt - - id: terraform_validate_no_variables + - id: terraform_validate - repo: https://github.com/IamTheFij/docker-pre-commit rev: v1.0.1 hooks: - id: docker-compose-check - repo: https://github.com/prettier/prettier - rev: 1.19.1 + rev: 2.0.2 hooks: - id: prettier - repo: https://github.com/pre-commit/mirrors-mypy - rev: v0.761 + rev: v0.770 hooks: - id: mypy From 0bc1aab45e2338e658a63a9b92e9f9d14eafdec8 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Apr 2020 12:05:57 -0400 Subject: [PATCH 17/29] Ran `pre-commit autoupdate` to get the latest version of the `pre-commit-terraform` hook since the PR I submitted, https://github.com/antonbabenko/pre-commit-terraform/pull/100, was approved. This will fix issues with `skeleton-tf-module` related to multiple directories with Terraform code. --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 42b824fb..129aa39a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -76,7 +76,7 @@ repos: - id: ansible-lint # files: molecule/default/playbook.yml - repo: https://github.com/antonbabenko/pre-commit-terraform.git - rev: v1.27.0 + rev: v1.29.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -85,7 +85,7 @@ repos: hooks: - id: docker-compose-check - repo: https://github.com/prettier/prettier - rev: 2.0.2 + rev: 2.0.4 hooks: - id: prettier - repo: https://github.com/pre-commit/mirrors-mypy From b01a0ee7bd1e0854b4c4c6bb999316c21221c97f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Apr 2020 13:47:18 -0400 Subject: [PATCH 18/29] Explicitly install pre-commit hooks as its own step so it's clearer when the failure is with setup rather than hooks running. --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 298e93c7..6026d47f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,5 +42,7 @@ jobs: run: | python -m pip install --upgrade pip pip install --upgrade --requirement requirements-test.txt + - name: Install pre-commit hooks + run: pre-commit install-hooks - name: Run pre-commit on all files run: pre-commit run --all-files From 1f3d440a1af6283621b5584da9b56e2747d40a0b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Apr 2020 19:02:31 -0400 Subject: [PATCH 19/29] Rename action to accurately reflect that we are only linting, not building. Adjust description for pre-commit hook setup to better convey what is being done. --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6026d47f..9c6b03a9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ env: PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit jobs: - build: + lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -42,7 +42,7 @@ jobs: run: | python -m pip install --upgrade pip pip install --upgrade --requirement requirements-test.txt - - name: Install pre-commit hooks + - name: Set up pre-commit hook environments run: pre-commit install-hooks - name: Run pre-commit on all files run: pre-commit run --all-files From 647b351997ab7cafd391bdabda7b1b5e68214b8a Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 6 Apr 2020 19:04:21 -0400 Subject: [PATCH 20/29] Sort .gitignore entries. --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 95b74cd9..e00826d9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ .mypy_cache -__pycache__ .python-version +__pycache__ From c8b4bcf126989abf35e4ce226263ef7da139c959 Mon Sep 17 00:00:00 2001 From: Hillary Date: Tue, 14 Apr 2020 12:43:18 -0400 Subject: [PATCH 21/29] Update CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 32918e84..a3619be9 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,4 +4,4 @@ # the repo. Unless a later match takes precedence, # these owners will be requested for review when someone # opens a pull request. -* @dav3r @felddy @jsf9k @mcdonnnj @cisagov/team-ois +* @dav3r @felddy @hillaryj @jsf9k @mcdonnnj @cisagov/team-ois From 8c99c5294a798bca98a68212507fce924505a289 Mon Sep 17 00:00:00 2001 From: Felddy Date: Thu, 30 Apr 2020 23:31:59 -0400 Subject: [PATCH 22/29] Allow events from apb to rebuild this repository weekly. --- .github/workflows/build.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9c6b03a9..5fe2f8b4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,10 +1,11 @@ --- name: build -on: [ - push, - pull_request -] +on: + push: + pull_request: + repository_dispatch: + types: [apb] env: PIP_CACHE_DIR: ~/.cache/pip From 7d7a6774571c4727b4858b1117c31f97160131da Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 8 May 2020 17:49:17 -0400 Subject: [PATCH 23/29] Updated pre-commit configuration with 'pre-commit autoupdate'. --- .pre-commit-config.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 129aa39a..de0152b0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -27,13 +27,13 @@ repos: - id: requirements-txt-fixer - id: trailing-whitespace - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.22.0 + rev: v0.23.0 hooks: - id: markdownlint args: - --config=.mdl_config.json - repo: https://github.com/adrienverge/yamllint - rev: v1.21.0 + rev: v1.23.0 hooks: - id: yamllint - repo: https://github.com/detailyang/pre-commit-shell @@ -41,13 +41,13 @@ repos: hooks: - id: shell-lint - repo: https://gitlab.com/pycqa/flake8 - rev: 3.7.9 + rev: 3.8.0a2 hooks: - id: flake8 additional_dependencies: - flake8-docstrings - repo: https://github.com/asottile/pyupgrade - rev: v2.1.0 + rev: v2.4.1 hooks: - id: pyupgrade - repo: https://github.com/PyCQA/bandit @@ -61,7 +61,7 @@ repos: hooks: - id: black - repo: https://github.com/asottile/seed-isort-config - rev: v2.1.0 + rev: v2.1.1 hooks: - id: seed-isort-config - repo: https://github.com/pre-commit/mirrors-isort @@ -71,12 +71,12 @@ repos: hooks: - id: isort - repo: https://github.com/ansible/ansible-lint.git - rev: v4.2.0 + rev: v4.3.0a0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml - repo: https://github.com/antonbabenko/pre-commit-terraform.git - rev: v1.29.0 + rev: v1.30.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -85,7 +85,7 @@ repos: hooks: - id: docker-compose-check - repo: https://github.com/prettier/prettier - rev: 2.0.4 + rev: 2.0.5 hooks: - id: prettier - repo: https://github.com/pre-commit/mirrors-mypy From cda200cfd1be3dfa44fbb2f271e571b43d560691 Mon Sep 17 00:00:00 2001 From: Felddy Date: Mon, 11 May 2020 21:52:31 -0400 Subject: [PATCH 24/29] Add Lineage configuration. --- .github/lineage.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/lineage.yml diff --git a/.github/lineage.yml b/.github/lineage.yml new file mode 100644 index 00000000..8dfc20b5 --- /dev/null +++ b/.github/lineage.yml @@ -0,0 +1,6 @@ +--- +version: "1" + +lineage: + skeleton: + remote-url: https://github.com/cisagov/skeleton-generic.git From ce6658abc69d1444e51f45c20441c98e6b54c086 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 13 May 2020 15:25:31 -0400 Subject: [PATCH 25/29] Update isort pre-commit hook source repository. The mirrors-isort respository has been deprecated per this Pull Request: https://github.com/pre-commit/mirrors-isort/pull/13 Since isort includes pre-commit configuration in current versions we will switch to using it directly. --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index de0152b0..5be35e4f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -64,10 +64,10 @@ repos: rev: v2.1.1 hooks: - id: seed-isort-config - - repo: https://github.com/pre-commit/mirrors-isort + - repo: https://github.com/timothycrosley/isort # pick the isort version you'd like to use from # https://github.com/pre-commit/mirrors-isort/releases - rev: v4.3.21 + rev: 4.3.21 hooks: - id: isort - repo: https://github.com/ansible/ansible-lint.git From daaebc1cc13782e8fb39be6815aa53bf3efd44f3 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 13 May 2020 15:30:04 -0400 Subject: [PATCH 26/29] Ran pre-commit autoupdate. --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5be35e4f..a2e4f768 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -41,7 +41,7 @@ repos: hooks: - id: shell-lint - repo: https://gitlab.com/pycqa/flake8 - rev: 3.8.0a2 + rev: 3.8.1 hooks: - id: flake8 additional_dependencies: From 2399f24622b1d6be92c494653d9308e9694c5496 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 13 May 2020 15:35:36 -0400 Subject: [PATCH 27/29] Remove legacy comment from the isort hook declaration. This comment references the mirrors-isort repository that we are no longer using. --- .pre-commit-config.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a2e4f768..bf8ae6ee 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -65,8 +65,6 @@ repos: hooks: - id: seed-isort-config - repo: https://github.com/timothycrosley/isort - # pick the isort version you'd like to use from - # https://github.com/pre-commit/mirrors-isort/releases rev: 4.3.21 hooks: - id: isort From fe4d5eb72a8f6ce9e23daae98d7a0c87675a9da4 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 13 May 2020 16:07:18 -0400 Subject: [PATCH 28/29] Disable the terraform_validate hook. We have seen a number of issues related to this hook ever since it was re-enabled. It will need to remain disabled until at least the 0.13 Terraform release, and can only be re-enabled if all issues we have seen have been resolved in how `terraform validate` operates. --- .pre-commit-config.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bf8ae6ee..74af27ce 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -77,7 +77,19 @@ repos: rev: v1.30.0 hooks: - id: terraform_fmt - - id: terraform_validate + # There are ongoing issues with how this command works. This issue + # documents the core issue: + # https://github.com/hashicorp/terraform/issues/21408 + # We have seen issues primarily with proxy providers and Terraform code + # that uses remote state. The PR + # https://github.com/hashicorp/terraform/pull/24887 + # has been approved and is part of the 0.13 release to resolve the issue + # with remote states. + # The PR + # https://github.com/hashicorp/terraform/pull/24896 + # is a proprosed fix to deal with `terraform validate` with proxy + # providers (among other configurations). + # - id: terraform_validate - repo: https://github.com/IamTheFij/docker-pre-commit rev: v1.0.1 hooks: From f831ef827cae16fd288f2e7a16fedc53c6e06873 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 13 May 2020 21:34:58 -0400 Subject: [PATCH 29/29] Add final statement to descriptionf or why terraform_validate is disabled. Review noticed that there lacked a determination for what we were doing about the problem with the terraform_validate hook. I described the problems but failed to mention what our path forward would be. This commit rectifies that oversight. --- .pre-commit-config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74af27ce..b7c55182 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -89,6 +89,9 @@ repos: # https://github.com/hashicorp/terraform/pull/24896 # is a proprosed fix to deal with `terraform validate` with proxy # providers (among other configurations). + # We have decided to disable the terraform_validate hook until the issues + # above have been resolved, which we hope will be with the release of + # Terraform 0.13. # - id: terraform_validate - repo: https://github.com/IamTheFij/docker-pre-commit rev: v1.0.1