22name : build
33
44on :
5- push :
5+ merge_group :
6+ types :
7+ - checks_requested
68 pull_request :
9+ push :
710 repository_dispatch :
8- types : [apb]
11+ types :
12+ - apb
13+
14+ # Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
15+ # nounset, errexit, and pipefail. The `-x` will print all commands as they are
16+ # run. Please see the GitHub Actions documentation for more information:
17+ # https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
18+ defaults :
19+ run :
20+ shell : bash -Eueo pipefail -x {0}
921
1022env :
1123 CURL_CACHE_DIR : ~/.cache/curl
1224 PIP_CACHE_DIR : ~/.cache/pip
1325 PRE_COMMIT_CACHE_DIR : ~/.cache/pre-commit
1426 RUN_TMATE : ${{ secrets.RUN_TMATE }}
27+ TERRAFORM_DOCS_REPO_BRANCH_NAME : improvement/support_atx_closed_markdown_headers
28+ TERRAFORM_DOCS_REPO_DEPTH : 1
29+ TERRAFORM_DOCS_REPO_URL : https://github.com/mcdonnnj/terraform-docs.git
1530
1631jobs :
1732 diagnostics :
2742 egress-policy : audit
2843 - id : github-status
2944 name : Check GitHub status
30- uses : crazy-max/ghaction-github-status@v3
45+ uses : crazy-max/ghaction-github-status@v4
3146 - id : dump-context
3247 name : Dump context
3348 uses : crazy-max/ghaction-dump-context@v2
@@ -45,20 +60,20 @@ jobs:
4560 uses : cisagov/setup-env-github-action@develop
4661 - uses : actions/checkout@v4
4762 - id : setup-python
48- uses : actions/setup-python@v4
63+ uses : actions/setup-python@v5
4964 with :
50- python-version : " 3.11 "
65+ python-version : ${{ steps.setup-env.outputs.python-version }}
5166 # We need the Go version and Go cache location for the actions/cache step,
5267 # so the Go installation must happen before that.
5368 - id : setup-go
54- uses : actions/setup-go@v4
69+ uses : actions/setup-go@v5
5570 with :
5671 # There is no expectation for actual Go code so we disable caching as
5772 # it relies on the existence of a go.sum file.
5873 cache : false
59- go-version : " 1.20 "
60- - name : Lookup Go cache directory
61- id : go- cache
74+ go-version : ${{ steps.setup-env.outputs.go-version }}
75+ - id : go- cache
76+ name : Lookup Go cache directory
6277 run : |
6378 echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
6479uses : actions/cache@v3
6984 packer${{ steps.setup-env.outputs.packer-version }}-\
7085 tf${{ steps.setup-env.outputs.terraform-version }}-"
7186 with :
87+ # We do not use '**/setup.py' in the cache key so only the 'setup.py'
88+ # file in the root of the repository is used. This is in case a Python
89+ # package were to have a 'setup.py' as part of its internal codebase.
90+ key : " ${{ env.BASE_CACHE_KEY }}\
91+ ${{ hashFiles('**/requirements-test.txt') }}-\
92+ ${{ hashFiles('**/requirements.txt') }}-\
93+ ${{ hashFiles('**/.pre-commit-config.yaml') }}-\
94+ ${{ hashFiles('setup.py') }}"
7295 # Note that the .terraform directory IS NOT included in the
7396 # cache because if we were caching, then we would need to use
7497 # the `-upgrade=true` option. This option blindly pulls down the
@@ -80,14 +103,6 @@ jobs:
80103 ${{ env.PRE_COMMIT_CACHE_DIR }}
81104 ${{ env.CURL_CACHE_DIR }}
82105 ${{ steps.go-cache.outputs.dir }}
83- # We do not use '**/setup.py' in the cache key so only the 'setup.py'
84- # file in the root of the repository is used. This is in case a Python
85- # package were to have a 'setup.py' as part of its internal codebase.
86- key : " ${{ env.BASE_CACHE_KEY }}\
87- ${{ hashFiles('**/requirements-test.txt') }}-\
88- ${{ hashFiles('**/requirements.txt') }}-\
89- ${{ hashFiles('**/.pre-commit-config.yaml') }}-\
90- ${{ hashFiles('setup.py') }}"
91106restore-keys : |
92107 ${{ env.BASE_CACHE_KEY }}
93108name : Setup curl cache
@@ -105,34 +120,46 @@ jobs:
105120 ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
106121 sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
107122 sudo ln -s /opt/packer/packer /usr/local/bin/packer
108- uses : hashicorp/setup-terraform@v2
123+ uses : hashicorp/setup-terraform@v3
109124 with :
110125 terraform_version : ${{ steps.setup-env.outputs.terraform-version }}
111126 - name : Install go-critic
112127 env :
113128 PACKAGE_URL : github.com/go-critic/go-critic/cmd/gocritic
114129 PACKAGE_VERSION : ${{ steps.setup-env.outputs.go-critic-version }}
115130 run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
131+ - name : Install goimports
132+ env :
133+ PACKAGE_URL : golang.org/x/tools/cmd/goimports
134+ PACKAGE_VERSION : ${{ steps.setup-env.outputs.goimports-version }}
135+ run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
116136 - name : Install gosec
117137 env :
118138 PACKAGE_URL : github.com/securego/gosec/v2/cmd/gosec
119139 PACKAGE_VERSION : ${{ steps.setup-env.outputs.gosec-version }}
120140 run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
121- - name : Install shfmt
122- env :
123- PACKAGE_URL : mvdan.cc/sh/v3/cmd/shfmt
124- PACKAGE_VERSION : ${{ steps.setup-env.outputs.shfmt-version }}
125- run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
126141 - name : Install staticcheck
127142 env :
128143 PACKAGE_URL : honnef.co/go/tools/cmd/staticcheck
129144 PACKAGE_VERSION : ${{ steps.setup-env.outputs.staticcheck-version }}
130145 run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
131- - name : Install Terraform-docs
132- env :
133- PACKAGE_URL : github.com/terraform-docs/terraform-docs
134- PACKAGE_VERSION : ${{ steps.setup-env.outputs.terraform-docs-version }}
135- run : go install ${PACKAGE_URL}@${PACKAGE_VERSION}
146+ # TODO: https://github.com/cisagov/skeleton-generic/issues/165
147+ # We are temporarily using @mcdonnnj's forked branch of terraform-docs
148+ # until his PR: https://github.com/terraform-docs/terraform-docs/pull/745
149+ # is approved. This temporary fix will allow for ATX header support when
150+ # terraform-docs is run during linting.
151+ - name : Clone ATX headers branch from terraform-docs fork
152+ run : |
153+ git clone \
154+ --branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \
155+ --depth $TERRAFORM_DOCS_REPO_DEPTH \
156+ --single-branch \
157+ $TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs
158+ name : Build and install terraform-docs binary
159+ run : |
160+ go build \
161+ -C /tmp/terraform-docs \
162+ -o $(go env GOPATH)/bin/terraform-docs
136163name : Install dependencies
137164 run : |
138165 python -m pip install --upgrade pip setuptools wheel
@@ -148,12 +175,10 @@ jobs:
148175 name : test source - py${{ matrix.python-version }}
149176 needs :
150177 - diagnostics
151- runs-on : ${{ matrix.os }}
178+ runs-on : ubuntu-latest
152179 strategy :
153180 fail-fast : false
154181 matrix :
155- os :
156- - ubuntu-latest
157182 python-version :
158183 - " 3.8"
159184 - " 3.9"
@@ -217,10 +242,12 @@ jobs:
217242 with :
218243 egress-policy : audit
219244 - uses : actions/checkout@v4
245+ - id : setup-env
246+ uses : cisagov/setup-env-github-action@develop
220247 - id : setup-python
221248 uses : actions/setup-python@v4
222249 with :
223- python-version : " 3.10 "
250+ python-version : ${{ steps.setup-env.outputs.python-version }}
224251 - uses : actions/cache@v3
225252 env :
226253 BASE_CACHE_KEY : " ${{ github.job }}-${{ runner.os }}-\
@@ -253,12 +280,10 @@ jobs:
253280 - diagnostics
254281 - lint
255282 - test
256- runs-on : ${{ matrix.os }}
283+ runs-on : ubuntu-latest
257284 strategy :
258285 fail-fast : false
259286 matrix :
260- os :
261- - ubuntu-latest
262287 python-version :
263288 - " 3.8"
264289 - " 3.9"
@@ -297,7 +322,7 @@ jobs:
297322name : Build artifacts
298323 run : python -m build
299324 - name : Upload artifacts
300- uses : actions/upload-artifact@v3
325+ uses : actions/upload-artifact@v4
301326 with :
302327 name : dist-${{ matrix.python-version }}
303328 path : dist
@@ -309,12 +334,10 @@ jobs:
309334 needs :
310335 - diagnostics
311336 - build
312- runs-on : ${{ matrix.os }}
337+ runs-on : ubuntu-latest
313338 strategy :
314339 fail-fast : false
315340 matrix :
316- os :
317- - ubuntu-latest
318341 python-version :
319342 - " 3.8"
320343 - " 3.9"
@@ -347,7 +370,7 @@ jobs:
347370 restore-keys : |
348371 ${{ env.BASE_CACHE_KEY }}
349372name : Retrieve the built wheel
350- uses : actions/download-artifact@v3
373+ uses : actions/download-artifact@v4
351374 with :
352375 name : dist-${{ matrix.python-version }}
353376 path : dist
0 commit comments