From 66fd96b2f3dbf40aaaff3a0b1b00d33b2d353a51 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 23 Apr 2024 22:38:02 +0000 Subject: [PATCH] Automated update to primary components (#322) Signed-off-by: Seiso Automation Co-authored-by: JonZeolla Co-authored-by: Jon Zeolla --- .github/workflows/commit.yml | 64 ++++++++++--------- .github/workflows/update.yml | 8 +-- .pre-commit-config.yaml | 2 +- CONTRIBUTING.md | 4 +- Pipfile.lock | 56 ++++++++-------- easy_infra.yml | 16 ++--- easy_infra/__init__.py | 1 + easy_infra/utils.py | 6 +- goat | 2 +- .../hooks/secure_builtin_version/secure.tf | 2 +- tests/test.py | 12 ++-- 11 files changed, 89 insertions(+), 84 deletions(-) diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml index b38d803f..fa3cf5cd 100644 --- a/.github/workflows/commit.yml +++ b/.github/workflows/commit.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: seisollc/goat@main with: exclude: (.*tests/(ansible|terraform|cloudformation)/.*|.*build/Dockerfile\.j2$) @@ -35,18 +35,18 @@ jobs: test-matrix: ${{ steps.set-testing-outputs.outputs.test-matrix }} steps: - name: Checkout the repository - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ env.python_version }} - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} - name: Install the dependencies run: python -m pip install --upgrade pipenv - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@v2 - name: Initialize the repo run: task -v init - name: Gather the image matrix 
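Review bot: The bumped `uses:` refs are still mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`, `actions/cache@v4`, `arduino/setup-task@v2`), and the context line `uses: seisollc/goat@main` in the `@@ -22,7 +22,7 @@` hunk tracks a branch, so anyone who can move those refs changes what runs in this pipeline. The same commit pins the goat pre-commit hook to a full commit hash with a `# frozen:` comment in `.pre-commit-config.yaml`; the workflows should follow that pattern, e.g. `uses: arduino/setup-task@<full-commit-sha>  # v2` (placeholder; resolve the hash from the tag when applying). The same applies to every bumped ref in the later `commit.yml` and `update.yml` hunks. It matters most where secrets are in scope: the job in `@@ -137,21 +141,21 @@`, whose checkout passes `secrets.SEISO_AUTOMATION_PAT` before `arduino/setup-task@v2` runs, and the `docker/login-action@v3`, `softprops/action-gh-release@v2` and `peter-evans/dockerhub-description@v4` steps that receive Docker Hub credentials or `GITHUB_TOKEN`. The job bodies start and end outside these hunks.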
@@ -71,11 +71,11 @@ jobs: matrix: ${{ fromJSON(needs.generate-matrixes.outputs.test-matrix) }} steps: - name: Checkout the repository - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ env.python_version }} - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} @@ -89,7 +89,7 @@ jobs: chmod +x "${RUNNER_TEMP}/bin/grype" echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}" - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@v2 - name: Initialize the repo run: task -v init - name: Build the image @@ -99,25 +99,29 @@ jobs: ENVIRONMENT: ${{ matrix.environment }} - name: Generate the SBOM run: task -v sbom + if: matrix.user == 'root' env: TOOL: ${{ matrix.tool }} ENVIRONMENT: ${{ matrix.environment }} - name: Upload the SBOM - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 + if: matrix.user == 'root' with: name: SBOM_${{ matrix.tool }}_${{ matrix.environment }} - path: sbom.*.json + path: sbom.2*.json if-no-files-found: error - name: Generate Vuln scan results run: task -v vulnscan + if: matrix.user == 'root' env: TOOL: ${{ matrix.tool }} ENVIRONMENT: ${{ matrix.environment }} - name: Upload Vuln scan result - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 + if: matrix.user == 'root' with: name: Vulns_${{ matrix.tool }}_${{ matrix.environment }} - path: vulns.*.json + path: vulns.2*.json if-no-files-found: error - name: Run tests run: task -v test 
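Review bot: The four added `if: matrix.user == 'root'` conditions and the narrowed globs `sbom.2*.json` / `vulns.2*.json` in the `@@ -99,25 +99,29 @@` hunk carry no comment, so the workflow does not say why SBOM generation and the vulnerability scan are skipped for every non-root matrix entry. If the guard exists because the artifact names `SBOM_${{ matrix.tool }}_${{ matrix.environment }}` omit the user and `actions/upload-artifact@v4` rejects a second upload under the same name, say so above the first guarded step, for example `# upload-artifact@v4 requires unique artifact names; names omit the user, so only the root variant uploads`. Likewise add a one-line comment on what the leading `2` in the glob is meant to match (presumably a date-stamped file name) and which `sbom.*.json` / `vulns.*.json` files it is meant to leave out. It is also worth confirming that the non-root image variants contain the same package set as the root one, since this job no longer scans them. The job body starts before and continues after the hunk.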
@@ -137,21 +141,21 @@ jobs: git_tag: ${{ steps.bump-version.outputs.git_tag }} steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: token: ${{ secrets.SEISO_AUTOMATION_PAT }} fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ env.python_version }} - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} - name: Install the dependencies run: python -m pip install --upgrade pipenv - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@v2 - name: Initialize the repo run: task -v init - name: Bump the version @@ -173,14 +177,14 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: "${{ needs.bump-version.outputs.git_tag }}" - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ env.python_version }} - - uses: actions/cache@v3 + - uses: actions/cache@v4 with: path: ~/.local/share/virtualenvs key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} @@ -194,7 +198,7 @@ jobs: chmod +x "${RUNNER_TEMP}/bin/grype" echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}" - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@v2 - name: Initialize the repo run: task -v init - name: Build the image @@ -208,10 +212,10 @@ jobs: TOOL: ${{ matrix.tool }} ENVIRONMENT: ${{ matrix.environment }} - name: Upload the SBOM - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: SBOM_${{ matrix.tool }}_${{ matrix.environment }} - path: sbom.*.json + path: sbom.2*.json if-no-files-found: error - name: Generate Vuln scan results run: task -v vulnscan 
@@ -219,10 +223,10 @@ jobs: TOOL: ${{ matrix.tool }} ENVIRONMENT: ${{ matrix.environment }} - name: Upload Vuln scan result - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: Vulns_${{ matrix.tool }}_${{ matrix.environment }} - path: vulns.*.json + path: vulns.2*.json if-no-files-found: error - name: Run tests run: task -v test @@ -232,7 +236,7 @@ jobs: USER: ${{ matrix.user }} DEBUG: "True" - name: Log in to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -268,16 +272,16 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: "${{ needs.bump-version.outputs.git_tag }}" - name: Download the SBOMs and Vuln scan results - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: path: ${{ runner.temp }} - name: Publish the release to GitHub - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -291,7 +295,7 @@ jobs: draft: false prerelease: false - name: Publish the release README to Docker Hub - uses: peter-evans/dockerhub-description@v3 + uses: peter-evans/dockerhub-description@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 8f2a37a7..f2b00720 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml 
@@ -19,20 +19,20 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout the repository - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ env.python_version }} - name: Install the dependencies run: python -m pip install --upgrade pipenv - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@v2 - name: Initialize the repo run: task -v init - name: Update the repository run: task -v update - name: Create or update a pull request - uses: peter-evans/create-pull-request@v4 + uses: peter-evans/create-pull-request@v6 with: title: Automated update to primary components commit-message: Automated update to primary components diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index caa557bc..bdb518f8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ --- repos: - repo: https://github.com/seisollc/goat - rev: c1efc95962d02dd9f6952f74de6f91a11e15459f # frozen: v2024.01.04 + rev: b571b58cefe8a8560badcf428978323aa769f9f9 # frozen: v2024.04.01 hooks: - id: seiso-lint diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d487086c..d34402d6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -13,9 +13,9 @@ To get started with contributing to this project, you first want to ensure that First, ensure you have the `task` binary available in your `PATH`. To download `task`, [click here](https://taskfile.dev/). You'll also need `docker`, `git`, `pipenv`, and `python3` installed locally, and have the `docker` daemon running. Then run `task init` to initialize the repository. -If you'd like to [run the test suite](#running-the-tests), you will also need `grype` downloaded and in your `PATH`. +If you'd like to run the test suite, you will also need `grype` downloaded and in your `PATH`. -If you'd like to [generate an SBOM](#generating-the-sboms), you will also need `syft` downloaded and in your `PATH`. +If you'd like to generate an SBOM, you will also need `syft` downloaded and in your `PATH`. ### Building the images diff --git a/Pipfile.lock b/Pipfile.lock index 112afbd4..03c8cc8e 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -195,19 +195,19 @@ }, "docutils": { "hashes": [ - "sha256:96f387a2c5562db4476f09f13bbab2192e764cac08ebbf3a34a95d9b1e4a59d6", - "sha256:f08a4e276c3a1583a86dce3e34aba3fe04d02bba2dd51ed16106244e8a923e3b" + "sha256:14c8d34a55b46c88f9f714adb29cefbdd69fb82f3fef825e59c5faab935390d8", + "sha256:65249d8a5345bc95e0f40f280ba63c98eb24de35c6c8f5b662e3e8948adea83f" ], - "markers": "python_version >= '3.7'", - "version": "==0.20.1" + "markers": "python_version >= '3.9'", + "version": "==0.21.1" }, "filelock": { "hashes": [ - "sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e", - "sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c" + "sha256:404e5e9253aa60ad457cae1be07c0f0ca90a63931200a47d9b6a6af84fd7b45f", + "sha256:d13f466618bfde72bd2c18255e269f72542c6e70e7bac83a0232d6b1cc5c8cf4" ], "markers": "python_version >= '3.8'", - "version": "==3.13.1" + "version": "==3.13.4" }, "gitdb": { "hashes": [ 
@@ -219,28 +219,28 @@ }, "gitpython": { "hashes": [ - "sha256:1bf9cd7c9e7255f77778ea54359e54ac22a72a5b51288c457c881057b7bb9ecd", - "sha256:2d99869e0fef71a73cbd242528105af1d6c1b108c60dfabd994bf292f76c3ceb" + "sha256:35f314a9f878467f5453cc1fee295c3e18e52f1b99f10f6cf5b1682e968a9e7c", + "sha256:eec7ec56b92aad751f9912a73404bc02ba212a23adb2c7098ee668417051a1ff" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==3.1.42" + "version": "==3.1.43" }, "identify": { "hashes": [ - "sha256:10a7ca245cfcd756a554a7288159f72ff105ad233c7c4b9c6f0f4d108f5f6791", - "sha256:c4de0081837b211594f8e877a6b4fad7ca32bbfc1a9307fdd61c28bfe923f13e" + "sha256:37d93f380f4de590500d9dba7db359d0d3da95ffe7f9de1753faa159e71e7dfa", + "sha256:e5e00f54165f9047fbebeb4a560f9acfb8af4c88232be60a488e9b68d122745d" ], "markers": "python_version >= '3.8'", - "version": "==2.5.35" + "version": "==2.5.36" }, "idna": { "hashes": [ - "sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca", - "sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f" + "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc", + "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0" ], "markers": "python_version >= '3.5'", - "version": "==3.6" + "version": "==3.7" }, "imagesize": { "hashes": [ @@ -392,12 +392,12 @@ }, "pre-commit": { "hashes": [ - "sha256:ba637c2d7a670c10daedc059f5c49b5bd0aadbccfcd7ec15592cf9665117532c", - "sha256:c3ef34f463045c88658c5b99f38c1e297abdcc0ff13f98d3370055fbbfabc67e" + "sha256:5eae9e10c2b5ac51577c3452ec0a490455c45a0533f7960f993a0d01e59decab", + "sha256:e209d61b8acdcf742404408531f0c37d49d2c734fd7cff2d6076083d191cb060" ], "index": "pypi", "markers": "python_version >= '3.9'", - "version": "==3.6.2" + "version": "==3.7.0" }, "pygments": { "hashes": [ 
@@ -485,11 +485,11 @@ }, "setuptools": { "hashes": [ - "sha256:0ff4183f8f42cd8fa3acea16c45205521a4ef28f73c6391d8a25e92893134f2e", - "sha256:c21c49fb1042386df081cb5d86759792ab89efca84cf114889191cd09aacc80c" + "sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987", + "sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32" ], "markers": "python_version >= '3.8'", - "version": "==69.2.0" + "version": "==69.5.1" }, "smmap": { "hashes": [ @@ -508,12 +508,12 @@ }, "sphinx": { "hashes": [ - "sha256:1e09160a40b956dc623c910118fa636da93bd3ca0b9876a7b3df90f07d691560", - "sha256:9a5160e1ea90688d5963ba09a2dcd8bdd526620edbb65c328728f1b2228d5ab5" + "sha256:413f75440be4cacf328f580b4274ada4565fb2187d696a84970c23f77b64d8c3", + "sha256:a4a7db75ed37531c05002d56ed6948d4c42f473a36f46e1382b0bd76ca9627bc" ], "index": "pypi", "markers": "python_version >= '3.9'", - "version": "==7.2.6" + "version": "==7.3.7" }, "sphinxcontrib-applehelp": { "hashes": [ @@ -581,11 +581,11 @@ }, "virtualenv": { "hashes": [ - "sha256:961c026ac520bac5f69acb8ea063e8a4f071bcc9457b9c1f28f6b085c511583a", - "sha256:e08e13ecdca7a0bd53798f356d5831434afa5b07b93f0abdf0797b7a06ffe197" + "sha256:7bb554bbdfeaacc3349fa614ea5bff6ac300fc7c335e9facf3a3bcfc703f45be", + "sha256:8aac4332f2ea6ef519c648d0bc48a5b1d324994753519919bddbb1aff25a104e" ], "markers": "python_version >= '3.7'", - "version": "==20.25.1" + "version": "==20.25.3" } } } diff --git a/easy_infra.yml b/easy_infra.yml index 51860a6a..f701b9be 100644 --- a/easy_infra.yml +++ b/easy_infra.yml @@ -72,20 +72,20 @@ packages: environments: - none name: cloudformation - version: 2.15.30 + version: 2.15.40 version_argument: --version azure-cli: aliases: - az - version: 2.58.0-1~jammy + version: 2.59.0-1~jammy version_argument: version checkov: - version: 3.2.39 + version: 3.2.73 version_argument: --version consul-template: helper: - all - version: v0.37.2 + version: v0.37.4 version_argument: --version envconsul: helper: 
@@ -95,10 +95,10 @@ packages: fluent-bit: helper: - all - version: v2.2.2 + version: v3.0.2 version_argument: --version kics: - version: v1.7.13 + version: v2.0.0 version_argument: version opentofu: aliases: @@ -116,13 +116,13 @@ packages: env_vars: - TF_DATA_DIR security: *id004 - version: 1.7.5 + version: 1.8.1 version_argument: version terratag: helper: - terraform - opentofu - version: v0.3.3 + version: v0.3.4 tfenv: allow_filter: - match: exec diff --git a/easy_infra/__init__.py b/easy_infra/__init__.py index 50eacf90..cc8aecad 100644 --- a/easy_infra/__init__.py +++ b/easy_infra/__init__.py @@ -1,6 +1,7 @@ """ easy_infra init """ + __maintainer__ = "Seiso" __copyright__ = "(c) 2022 Seiso, LLC" __project_name__ = "easy_infra" diff --git a/easy_infra/utils.py b/easy_infra/utils.py index 2b16fc18..548749e1 100644 --- a/easy_infra/utils.py +++ b/easy_infra/utils.py @@ -262,9 +262,9 @@ def get_github_actions_matrix( testing: bool = False, ) -> str: """Return a matrix of tool/environments or tool/environments/users for use in the github actions pipeline""" - tools_and_environments: dict[ - str, dict[str, list[str]] - ] = gather_tools_and_environments(tool=tool, environment=environment) + tools_and_environments: dict[str, dict[str, list[str]]] = ( + gather_tools_and_environments(tool=tool, environment=environment) + ) if testing: users: list[str] = gather_users(user=user) diff --git a/goat b/goat index b470999b..1259b5d1 160000 --- a/goat +++ b/goat @@ -1 +1 @@ -Subproject commit b470999b3ac6aec796005de5f500571f9f18aa1a +Subproject commit 1259b5d110caadd9c0137490a0bc2742571d48a5 diff --git a/tests/terraform/hooks/secure_builtin_version/secure.tf b/tests/terraform/hooks/secure_builtin_version/secure.tf index 522b2c84..062cd538 100644 --- a/tests/terraform/hooks/secure_builtin_version/secure.tf +++ b/tests/terraform/hooks/secure_builtin_version/secure.tf @@ -1,3 +1,3 @@ terraform { - required_version = "1.7.5" + required_version = "1.8.1" } 
diff --git a/tests/test.py b/tests/test.py index ad0ebeeb..a0c8fdda 100644 --- a/tests/test.py +++ b/tests/test.py @@ -74,9 +74,9 @@ def test_version_arguments( num_tests_ran: int = 0 - tools_to_environments: dict[ - str, dict[str, list[str]] - ] = utils.gather_tools_and_environments(tool=tool, environment=environment) + tools_to_environments: dict[str, dict[str, list[str]]] = ( + utils.gather_tools_and_environments(tool=tool, environment=environment) + ) # Find the package name for the provided tool package_for_tool: str = utils.get_package_name(tool=tool) @@ -819,9 +819,9 @@ def run_unified_terraform_opentofu( # Setup the cloning learning_mode_and_clone_environment["VCS_DOMAIN"] = "github.com" - learning_mode_and_clone_environment[ - "CLONE_REPOSITORIES" - ] = "seisollc/easy_infra,seisollc/easy_infra" + learning_mode_and_clone_environment["CLONE_REPOSITORIES"] = ( + "seisollc/easy_infra,seisollc/easy_infra" + ) learning_mode_and_clone_environment["CLONE_PROTOCOL"] = "https" # Purposefully missing volumes= because we are using clone to do it