SeisoLLC · JonZeolla · Aug 31, 2023 · Sep 1, 2023 · Sep 1, 2023 · Sep 1, 2023
@@ -58,15 +58,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
-      - name: Install the dependencies
-        run: |
-          python -m pip install --upgrade pipenv
-          mkdir "${RUNNER_TEMP}/bin"
-          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
-          chmod +x "${RUNNER_TEMP}/bin/syft"
-          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
-          chmod +x "${RUNNER_TEMP}/bin/grype"
-          echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo
@@ -96,8 +87,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo

@@ -26,14 +26,12 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
-      - name: Install the dependencies
-        run: |
-          python -m pip install --upgrade pipenv
-          echo "CODEQL_PYTHON=$(pipenv run which python)" >> "${GITHUB_ENV}"
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo
         run: task -v init
+      - name: Setup CodeQL
+        run: echo "CODEQL_PYTHON=$(pipenv run which python)" >> "${GITHUB_ENV}"
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:

@@ -30,8 +30,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo

@@ -1,6 +1,6 @@
 ---
 repos:
   - repo: https://github.com/seisollc/goat
-    rev: a8d2863396772ec95330996372dd4e48f2490438  # frozen: v2023.08.22
+    rev: 6525fcbbea8dacda7c09e20ac8a78c2b763ccaa4  # frozen: v2023.08.26
     hooks:
       - id: seiso-lint
@@ -13,7 +13,8 @@ vars:
   INPUT_EXCLUDE: .*\{\{.*\}\}.*
   PYTHON_VERSION: 3.11
   VERSION:
-    sh: pipenv run python -c 'from {{.PROJECT_SLUG}} import __version__; print(__version__)'
+    # Does not use pipenv to avoid pipenv as a project bootstrapping requirement
+    sh: python -c 'from {{.PROJECT_SLUG}} import __version__; print(__version__)'
 
 includes:
   py:
@@ -33,6 +34,8 @@ tasks:
     internal: true
     sources:
       - Pipfile.lock
+    preconditions:
+      - which pipenv || python -m pip install --upgrade pipenv
     cmds:
       - pipenv install --deploy --ignore-pipfile --dev
 

@@ -176,6 +176,17 @@ def test_default_project(cookies):
                 "task",
                 "-v",
                 "init",
+            ],
+            capture_output=True,
+            check=True,
+            cwd=project,
+            env=env,
+        )
+
+        subprocess.run(
+            [
+                "task",
+                "-v",
                 "lint",
                 "validate",
                 "build",

@@ -0,0 +1,2 @@
+[report]
+fail_under = 75
@@ -49,15 +49,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: |
-          python -m pip install --upgrade pipenv
-          mkdir "${RUNNER_TEMP}/bin"
-          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
-          chmod +x "${RUNNER_TEMP}/bin/syft"
-          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b "${RUNNER_TEMP}/bin"
-          chmod +x "${RUNNER_TEMP}/bin/grype"
-          echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo
@@ -118,8 +109,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo
@@ -169,8 +158,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo

@@ -39,8 +39,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo

@@ -36,14 +36,12 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: |
-          python -m pip install --upgrade pipenv
-          echo "CODEQL_PYTHON=$(pipenv run which python)" >> "${GITHUB_ENV}"
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo
         run: task -v init
+      - name: Setup CodeQL
+        run: echo "CODEQL_PYTHON=$(pipenv run which python)" >> "${GITHUB_ENV}"
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:

@@ -30,8 +30,6 @@ jobs:
         with:
           path: ~/.local/share/virtualenvs
           key: ${{ "{{ runner.os }}" }}-python-${{ "{{ env.python_version }}" }}-pipenv-${{ "{{ hashFiles('Pipfile.lock') }}" }}
-      - name: Install the dependencies
-        run: python -m pip install --upgrade pipenv
       - name: Install Task
         uses: arduino/setup-task@v1
       - name: Initialize the repo

@@ -4,7 +4,7 @@ Welcome to {{ cookiecutter.project_name }}
 
 ## Getting Started
 
-First, you need to ensure you have `task`, `docker`, `git`, `pipenv`, and `python3` installed locally, and the `docker` daemon is running.
+First, you need to ensure you have `task`, `docker`, `git`, and `python3` installed locally, and the `docker` daemon is running.
 
 Then, you can setup your local environment via:
 

@@ -19,13 +19,19 @@ includes:
       PYTHON_VERSION: '{{ "{{.PYTHON_VERSION}}" }}'
       VERSION: '{{ "{{.VERSION}}" }}'
 
+  base:
+    taskfile: ./goat/Task/Taskfile.yml
+    internal: true
+    optional: true
+
 vars:
   IMAGE_NAME: seiso/{{ cookiecutter.project_slug }}
   PROJECT_SLUG: {{ cookiecutter.project_slug }}
   PYTHON_VERSION: {{ cookiecutter.python_version }}
   SUPPORTED_PLATFORMS: 'linux/amd64,linux/arm64'
   VERSION:
-    sh: pipenv run python -c 'from {{ "{{" }}.PROJECT_SLUG{{ "}}" }} import __version__; print(__version__)'
+    # Does not use pipenv to avoid pipenv as a project bootstrapping requirement
+    sh: python -c 'from {{ "{{" }}.PROJECT_SLUG{{ "}}" }} import __version__; print(__version__)'
   LOCAL_PLATFORM:
     # Inspired by https://github.com/containerd/containerd/blob/e0912c068b131b33798ae45fd447a1624a6faf0a/platforms/database.go#L76
     sh: |
@@ -50,6 +56,8 @@ tasks:
     internal: true
     sources:
       - Pipfile.lock
+    preconditions:
+      - which pipenv || python -m pip install --upgrade pipenv
     cmds:
       - pipenv install --deploy --ignore-pipfile --dev
 
@@ -78,12 +86,29 @@ tasks:
       # Don't run this in pipelines
       - '{{ "{{" }}if ne .GITHUB_ACTIONS "true"{{ "}}pipenv run pre-commit install{{else}}echo \"Detected a github actions pipeline; skipping the pre-commit install\"{{end}}" }}'
 
+  init-install-tools:
+    desc: Install required tools
+    internal: true
+    cmds:
+      - task: base:mac-brew-install
+        vars:
+          TOOLS: syft,grype
+      - task: base:runner-curl-install
+        vars:
+          INSTALL_URL: https://raw.githubusercontent.com/anchore/syft/main/install.sh
+          TOOL: syft
+      - task: base:runner-curl-install
+        vars:
+          INSTALL_URL: https://raw.githubusercontent.com/anchore/grype/main/install.sh
+          TOOL: grype
+
   init:
     desc: Initialize the repo for local use; intended to be run after git clone
     cmds:
       - task: init-pipenv
       - task: init-submodules
       - task: init-pre-commit
+      - task: init-install-tools
 
   lint:
     desc: Run the linter(s); paved road projects use the Seiso goat 🐐
+0 −14		.github/PULL_REQUEST_TEMPLATE.md
+0 −18		.github/workflows/commit.yml
+0 −2		.github/workflows/update.yml
+55 −2		Task/Taskfile.yml
+62 −0		Task/lambda/Taskfile.yml
+21 −0		Task/terraform/Taskfile.yml
+24 −0		Taskfile.yml
+1 −1		VERSION
+1 −1		action.yml
+1 −1		setup.cfg