From a0bc20bb08292f0d532f52378b8af4f585c94427 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 14:00:52 -0400 Subject: [PATCH 01/27] Add Go hooks to support go code for our projects --- .pre-commit-config.yaml | 56 +++++++++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0dabeb6..65c676b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.34.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.6 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.30.0 + rev: v1.31.0 hooks: - id: yamllint args: @@ -49,17 +49,51 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.22.0 + rev: 0.23.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.2.1 + rev: v3.3.1 hooks: - id: validate_manifest + # Go hooks + - repo: https://github.com/TekWizely/pre-commit-golang + rev: v1.0.0-rc.1 + hooks: + # Style Checkers + - id: go-lint + - id: go-critic + # Go Build + - id: go-build-mod + - id: go-build-pkg + - id: go-build-repo-mod + - id: go-build-repo-pkg + + # Go Mod Tidy + - id: go-mod-tidy + - id: go-mod-tidy-repo + + # Go Test + - id: go-test-mod + - id: go-test-pkg + - id: go-test-repo-mod + - id: go-test-repo-pkg + + # Go Vet + - id: go-vet + - id: go-vet-mod + - id: go-vet-pkg + - id: go-vet-repo-mod + - id: go-vet-repo-pkg + # GoSec + - id: go-sec-mod + - id: go-sec-pkg + - id: go-sec-repo-mod + - id: go-sec-repo-pkg # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2 
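Review bot: The new TekWizely/pre-commit-golang block is pinned to `rev: v1.0.0-rc.1`, a release candidate, and its `go-critic` and `go-sec-*` hooks (and the `go-staticcheck-*` hooks added in PATCH 02) appear to shell out to tools that pre-commit does not install itself — the PATCH 13 message about go-lint not being available from brew points the same way — so a developer without those tools on PATH gets a failing hook rather than a skipped one. A comment above the `hooks:` key would spare the next person the surprise, e.g. `# These hooks rely on the Go tools (gosec, staticcheck, go-critic) already being installed locally; pre-commit does not provision them.` It is also worth moving the pin to a non-rc tag once the upstream repo publishes one, since the rc is what every developer's machine will check out and run.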
@@ -88,7 +122,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.3.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -102,31 +136,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.1.1 + rev: v1.2.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.3.2 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.4.0 + rev: v6.15.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.78.0 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.1.1 + rev: v3.0.1 hooks: - id: docker-compose-check From 3628e5fa20d334723ca4733a873110b52b07b406 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 14:08:25 -0400 Subject: [PATCH 02/27] Add Staticcheck --- .pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 65c676b..b04a130 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -67,6 +67,11 @@ repos: # Style Checkers - id: go-lint - id: go-critic + # StaticCheck + - id: go-staticcheck-mod + - id: go-staticcheck-pkg + - id: go-staticcheck-repo-mod + - id: go-staticcheck-repo-pkg # Go Build - id: go-build-mod - id: go-build-pkg From 668724f0a5fc2742a5fd9ce7de16753664876d02 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:08 -0400 Subject: [PATCH 03/27] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b04a130..10d005e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -64,7 +64,7 @@ repos: - repo: https://github.com/TekWizely/pre-commit-golang rev: v1.0.0-rc.1 hooks: - # Style Checkers + # Style Checkers - id: go-lint - id: go-critic # StaticCheck From 3d422b8493f09867ce17b2254ba25678a9759d03 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:17 -0400 Subject: [PATCH 04/27] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 10d005e..20e57fa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -67,7 +67,7 @@ repos: # Style Checkers - id: go-lint - id: go-critic - # StaticCheck + # StaticCheck - id: go-staticcheck-mod - id: go-staticcheck-pkg - id: go-staticcheck-repo-mod From 5571f4756c1499d29da617b6f53afe8bfaebcf8d Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:25 -0400 Subject: [PATCH 05/27] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 20e57fa..9d698a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -72,7 +72,7 @@ repos: - id: go-staticcheck-pkg - id: go-staticcheck-repo-mod - id: go-staticcheck-repo-pkg - # Go Build + # Go Build - id: go-build-mod - id: go-build-pkg - id: go-build-repo-mod From 4fd9501f753e1789261307b9e3829dd19dd3d42f Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:44 -0400 Subject: [PATCH 06/27] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d698a8..4946d17 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -77,7 +77,6 @@ repos: - id: go-build-pkg - id: go-build-repo-mod - id: go-build-repo-pkg - # Go Mod Tidy - id: go-mod-tidy - id: go-mod-tidy-repo 
From 412101aff6363f06a9155fa21679637d5d5ca7dd Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:08:16 -0400 Subject: [PATCH 07/27] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4946d17..837d28b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -86,7 +86,6 @@ repos: - id: go-test-pkg - id: go-test-repo-mod - id: go-test-repo-pkg - # Go Vet - id: go-vet - id: go-vet-mod From a346fb5a789040104624eb0b193460463a8d811a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:10:19 -0400 Subject: [PATCH 08/27] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 837d28b..9ac7fd1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -80,7 +80,6 @@ repos: # Go Mod Tidy - id: go-mod-tidy - id: go-mod-tidy-repo - # Go Test - id: go-test-mod - id: go-test-pkg From c47038b51d4b537b9bd64b0299c1b99ca0b6e455 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:19:50 -0400 Subject: [PATCH 09/27] Revert updated versions for existing hooks --- .pre-commit-config.yaml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9ac7fd1..d14f75a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.34.0 + rev: v0.33.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.9-for-vscode + rev: v3.0.0-alpha.6 hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.31.0 + rev: v1.30.0 hooks: - id: yamllint args: 
@@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.23.0 + rev: 0.22.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.3.1 + rev: v3.2.1 hooks: - id: validate_manifest @@ -96,6 +96,7 @@ repos: - id: go-sec-pkg - id: go-sec-repo-mod - id: go-sec-repo-pkg + # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2 @@ -124,7 +125,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.1.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -138,31 +139,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.2.0 + rev: v1.1.1 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.2 + rev: v3.3.1 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v6.15.0 + rev: v5.4.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.78.0 + rev: v1.77.1 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v3.0.1 + rev: v2.1.1 hooks: - id: docker-compose-check @@ -171,4 +172,4 @@ repos: rev: v0.0.2 hooks: - id: packer_validate - - id: packer_fmt + - id: packer_fmt \ No newline at end of file From eb52678f773e6f05857b6880b34b9f8afdb71dc5 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:30:11 -0400 Subject: [PATCH 10/27] Fix formatting --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d14f75a..6e8143b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -172,4 +172,4 @@ repos: rev: v0.0.2 hooks: - id: packer_validate - - id: packer_fmt \ No newline at end of file + - id: packer_fmt From f8179f1aa31be65b2c363fd86badd6bf7883a033 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 17:16:19 -0400 Subject: [PATCH 11/27] Remove extra hook ids --- .pre-commit-config.yaml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6e8143b..0810309 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -69,33 +69,16 @@ repos: - id: go-critic # StaticCheck - id: go-staticcheck-mod - - id: go-staticcheck-pkg - - id: go-staticcheck-repo-mod - - id: go-staticcheck-repo-pkg # Go Build - id: go-build-mod - - id: go-build-pkg - - id: go-build-repo-mod - - id: go-build-repo-pkg # Go Mod Tidy - id: go-mod-tidy - - id: go-mod-tidy-repo # Go Test - id: go-test-mod - - id: go-test-pkg - - id: go-test-repo-mod - - id: go-test-repo-pkg # Go Vet - id: go-vet - - id: go-vet-mod - - id: go-vet-pkg - - id: go-vet-repo-mod - - id: go-vet-repo-pkg # GoSec - id: go-sec-mod - - id: go-sec-pkg - - id: go-sec-repo-mod - - id: go-sec-repo-pkg # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt From 42820e2e7d1fb492be77faa313de934f1c472cd2 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 8 May 2023 09:41:46 -0400 Subject: [PATCH 12/27] Replace hooks with repo based option when available --- .pre-commit-config.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0810309..3a798f0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -68,17 +68,17 @@ repos: - id: go-lint - id: go-critic # StaticCheck - - id: go-staticcheck-mod + - id: go-staticcheck-repo-mod # Go Build - - id: go-build-mod + - id: go-build-repo-mod # Go Mod Tidy - - id: go-mod-tidy + - id: go-mod-tidy-repo # Go Test - - id: go-test-mod + - id: go-test-repo-mod # Go Vet - - id: go-vet + - id: go-vet-repo-mod # GoSec - - id: go-sec-mod + - id: go-sec-repo-mod # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt From 7f372e63ac7875b3fb8d25dd094f7b9183e6e42e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:11:13 -0400 Subject: [PATCH 13/27] Remove the go-lint hook from the pre-commit configuration The golang/lint tool was archived on May 9th, 2021 and based on golang/go#38968 no future work is planned. Coupled with the fact that it is not available from brew we are removing this hook as local development may be hindered by trying to satisfy running this hook. Co-authored-by: Shane Frasier Co-authored-by: dav3r --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3a798f0..4f826b1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -65,7 +65,6 @@ repos: rev: v1.0.0-rc.1 hooks: # Style Checkers - - id: go-lint - id: go-critic # StaticCheck - id: go-staticcheck-repo-mod From b8231113bac671a5d9f026fc519e9d3088eda935 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 12:45:10 -0400 Subject: [PATCH 14/27] Update pre-commit hook versions This is done automatically with the `pre-commit autoupdate` command. --- .pre-commit-config.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0dabeb6..724b3e6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.34.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.6 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.30.0 + rev: v1.32.0 hooks: - id: yamllint args: @@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.22.0 + rev: 0.23.1 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.2.1 + rev: v3.3.2 hooks: - id: validate_manifest @@ -88,7 +88,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.3.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -102,31 +102,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.1.1 + rev: v1.3.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.4.0 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.4.0 + rev: v6.17.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.80.0 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.1.1 + rev: v3.0.1 hooks: - id: docker-compose-check From b770fc687a7a954d5e0cc12ae264fcda62a3355a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 31 May 2023 12:29:10 -0400 Subject: [PATCH 15/27] Add apostrophe to Qapla --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index f526cdb..436d163 100755 --- a/setup-env +++ b/setup-env 
@@ -186,5 +186,5 @@ else: END_OF_LINE )" -# Qapla +# Qapla' echo "Success!" From 24a0008be136a946c2d742542ddb78dceb128073 Mon Sep 17 00:00:00 2001 From: arcsector <26469747+arcsector@users.noreply.github.com> Date: Wed, 17 May 2023 16:01:54 -0700 Subject: [PATCH 16/27] detecting virtualenv installation successfully --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 436d163..129102f 100755 --- a/setup-env +++ b/setup-env @@ -65,7 +65,7 @@ done eval set -- "$PARAMS" # Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ] ; }; then echo "pyenv and pyenv-virtualenv are required." if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE' From f01965a1e56c2a6743eec95e9daa724037e7699d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 19 May 2023 11:46:28 -0400 Subject: [PATCH 17/27] Whitespace change to make shfmt linter happy --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 129102f..77926bf 100755 --- a/setup-env +++ b/setup-env @@ -65,7 +65,7 @@ done eval set -- "$PARAMS" # Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ] ; }; then +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then echo "pyenv and pyenv-virtualenv are required." if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE' From 43d588fe56c9522535bc341a4664569be798c6c4 Mon Sep 17 00:00:00 2001 
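Review bot: The new plugin fallback in the `if` in setup-env tests only that the pyenv-virtualenv script exists (`-f`), whereas the `command -v` branch it backs up only succeeds for an executable; `[ ! -x "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]` keeps the two checks consistent. The compound condition is long enough that a named variable for the plugin path would read better, but note that `pyenv root` must only run after `command -v pyenv` has succeeded, which the `||` short-circuit currently guarantees and a hoisted assignment above the `if` would not — so if it is hoisted, it needs its own guard. The body of the `if` continues outside the hunk.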
From: Jeremy Frasier Date: Tue, 25 Apr 2023 09:17:14 -0400 Subject: [PATCH 18/27] Fix two broken links Resolves cisagov/skeleton-generic#131. --- .ansible-lint | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 0e80b05..4ffc0ef 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,10 +1,9 @@ --- -# See https://ansible-lint.readthedocs.io/en/latest/configuring.html -# for a list of the configuration elements that can exist in this -# file. +# See https://ansible-lint.readthedocs.io/configuring/ for a list of +# the configuration elements that can exist in this file. enable_list: # Useful checks that one must opt-into. See here for more details: - # https://ansible-lint.readthedocs.io/en/latest/rules.html + # https://ansible-lint.readthedocs.io/rules/ - fcqn-builtins - no-log-password - no-same-owner From e0982552895542bd267696744548aeba18fee2d5 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 13:39:14 -0400 Subject: [PATCH 19/27] Disable caching for the setup-go Action The cache key used relies on the existence of a go.sum file. Since we have no expectation for Go source code, including that file, and since we already include the Go cache in our job caching, we can safely disable caching in the Action. --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdd8c98..4351bd2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,6 +29,9 @@ jobs: - id: setup-go uses: actions/setup-go@v4 with: + # There is no expectation for actual Go code so we disable caching as + # it relies on the existence of a go.sum file. + cache: false go-version: "1.19" - name: Lookup Go cache directory id: go-cache From edf133832040ef12c407b0772c40f18f64076eb8 Mon Sep 17 00:00:00 2001 
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 13:41:03 -0400 Subject: [PATCH 20/27] Bump Go from 1.19 to 1.20 Bump the version of Go used in our GitHub Actions configuration to the latest stable Go release. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4351bd2..c992e8e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: # There is no expectation for actual Go code so we disable caching as # it relies on the existence of a go.sum file. cache: false - go-version: "1.19" + go-version: "1.20" - name: Lookup Go cache directory id: go-cache run: | From f64356dfe5b31c8989c8ef1703a0e73edcc80b29 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 9 Jun 2023 15:10:45 -0400 Subject: [PATCH 21/27] Use the FQCN for `become_method` plugins Use the fully-qualified collection name when declaring the plugin that will be used with the `become_method` argument. --- src/aws.yml | 2 +- src/base.yml | 2 +- src/example.yml | 2 +- src/python.yml | 2 +- src/upgrade.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/aws.yml b/src/aws.yml index 49f433a..70c10c0 100644 --- a/src/aws.yml +++ b/src/aws.yml @@ -2,7 +2,7 @@ - hosts: all name: AWS-specific roles become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install Amazon EFS utilities ansible.builtin.include_role: diff --git a/src/base.yml b/src/base.yml index e6d5386..560796c 100644 --- a/src/base.yml +++ b/src/base.yml @@ -2,7 +2,7 @@ - hosts: all name: Setup base image become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install and configure automated security updates ansible.builtin.include_role: diff --git a/src/example.yml b/src/example.yml index 38e9e14..d1ddfa6 100644 
--- a/src/example.yml +++ b/src/example.yml @@ -2,7 +2,7 @@ - hosts: all name: Project-specific roles become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: # The cisagov/ansible-role-example Ansible role is just a no-op, # but we include it here as an example/placeholder. diff --git a/src/python.yml b/src/python.yml index a1980ae..c98ef2a 100644 --- a/src/python.yml +++ b/src/python.yml @@ -2,7 +2,7 @@ - hosts: all name: Install pip3/python3 and remove pip2/python2 become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: # If pip were to be installed first, then the OS _could_ pull # different Python packages than what would be installed via the diff --git a/src/upgrade.yml b/src/upgrade.yml index 744c01e..417992f 100644 --- a/src/upgrade.yml +++ b/src/upgrade.yml @@ -2,7 +2,7 @@ - hosts: all name: Upgrade base image become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Upgrade all packages ansible.builtin.include_role: From 9640319b8d851470bfed01020a93f37124de2908 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 30 Jun 2023 13:49:00 -0400 Subject: [PATCH 22/27] Add the community.general collection We use community.general.ufw in our Ansible playbooks. --- src/requirements.yml | 75 +++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/src/requirements.yml b/src/requirements.yml index 328903c..6e14e6a 100644 --- a/src/requirements.yml +++ b/src/requirements.yml 
@@ -1,37 +1,40 @@ --- -- name: amazon_ssm_agent - src: https://github.com/cisagov/ansible-role-amazon-ssm-agent -- name: automated_security_updates - src: https://github.com/cisagov/ansible-role-automated-security-updates -- name: banner - src: https://github.com/cisagov/ansible-role-banner -- name: chrony_aws - src: https://github.com/cisagov/ansible-role-chrony-aws -- name: clamav - src: https://github.com/cisagov/ansible-role-clamav -- name: cloudwatch_agent - src: https://github.com/cisagov/ansible-role-cloudwatch-agent -- name: crowdstrike - src: https://github.com/cisagov/ansible-role-crowdstrike -- name: freeipa_client - src: https://github.com/cisagov/ansible-role-freeipa-client -- name: harden - src: https://github.com/cisagov/ansible-role-hardening -- name: htop - src: https://github.com/cisagov/ansible-role-htop -- name: nvme - src: https://github.com/cisagov/ansible-role-nvme -- name: openvpn - src: https://github.com/cisagov/ansible-role-openvpn -- name: persist_journald - src: https://github.com/cisagov/ansible-role-persist-journald -- name: pip - src: https://github.com/cisagov/ansible-role-pip -- name: python - src: https://github.com/cisagov/ansible-role-python -- name: remove_python2 - src: https://github.com/cisagov/ansible-role-remove-python2 -- name: ufw - src: https://github.com/cisagov/ansible-role-ufw -- name: upgrade - src: https://github.com/cisagov/ansible-role-upgrade +collections: + - community.general +roles: + - name: amazon_ssm_agent + src: https://github.com/cisagov/ansible-role-amazon-ssm-agent + - name: automated_security_updates + src: https://github.com/cisagov/ansible-role-automated-security-updates + - name: banner + src: https://github.com/cisagov/ansible-role-banner + - name: chrony_aws + src: https://github.com/cisagov/ansible-role-chrony-aws + - name: clamav + src: https://github.com/cisagov/ansible-role-clamav + - name: cloudwatch_agent + src: https://github.com/cisagov/ansible-role-cloudwatch-agent + - name: crowdstrike 
+ src: https://github.com/cisagov/ansible-role-crowdstrike + - name: freeipa_client + src: https://github.com/cisagov/ansible-role-freeipa-client + - name: harden + src: https://github.com/cisagov/ansible-role-hardening + - name: htop + src: https://github.com/cisagov/ansible-role-htop + - name: nvme + src: https://github.com/cisagov/ansible-role-nvme + - name: openvpn + src: https://github.com/cisagov/ansible-role-openvpn + - name: persist_journald + src: https://github.com/cisagov/ansible-role-persist-journald + - name: pip + src: https://github.com/cisagov/ansible-role-pip + - name: python + src: https://github.com/cisagov/ansible-role-python + - name: remove_python2 + src: https://github.com/cisagov/ansible-role-remove-python2 + - name: ufw + src: https://github.com/cisagov/ansible-role-ufw + - name: upgrade + src: https://github.com/cisagov/ansible-role-upgrade From 2e693a4a7525e396961c310b7c967ddb76563cd8 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 30 Jun 2023 13:49:39 -0400 Subject: [PATCH 23/27] Use FQCNs for become_method values This is now required by ansible-lint. --- src/automated-security-updates.yml | 2 +- src/cdm.yml | 2 +- src/harden.yml | 2 +- src/openvpn.yml | 2 +- src/ufw.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/automated-security-updates.yml b/src/automated-security-updates.yml index 6ff1a7c..989d30c 100644 --- a/src/automated-security-updates.yml +++ b/src/automated-security-updates.yml @@ -2,7 +2,7 @@ - hosts: all name: Configure for automated security updates become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Set up automated security updates ansible.builtin.include_role: diff --git a/src/cdm.yml b/src/cdm.yml index 71dcfa0..59f4f42 100644 --- a/src/cdm.yml +++ b/src/cdm.yml 
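Review bot: Neither the new `community.general` collection entry nor any of the Git-sourced roles under `roles:` carries a `version:`, so every `ansible-galaxy install` from this file resolves to whatever the upstream default branch (or latest collection release) holds at that moment; builds are not reproducible and an upstream change or compromise lands in the image on the next run. This predates the commit, but the restructure is the natural place to fix it: each entry needs one extra line, e.g. `- name: community.general` / `version: "<CONSTRAINT-PLACEHOLDER>"` for the collection and `version: <TAG-OR-COMMIT-PLACEHOLDER>` under each role's `src:`. If the roles are intentionally tracked at head, a comment on the `roles:` key saying so would at least make the choice visible to the next reader.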
@@ -2,7 +2,7 @@ - hosts: all name: Configure for the CISA CDM environment become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install CrowdStrike ansible.builtin.include_role: diff --git a/src/harden.yml b/src/harden.yml index 2edacfb..0396c69 100644 --- a/src/harden.yml +++ b/src/harden.yml @@ -2,7 +2,7 @@ - hosts: all name: Hardening tasks become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Harden system ansible.builtin.include_role: diff --git a/src/openvpn.yml b/src/openvpn.yml index 0285f7c..e724578 100644 --- a/src/openvpn.yml +++ b/src/openvpn.yml @@ -2,7 +2,7 @@ - hosts: all name: Install OpenVPN become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install OpenVPN ansible.builtin.include_role: diff --git a/src/ufw.yml b/src/ufw.yml index c2ee0aa..352587a 100644 --- a/src/ufw.yml +++ b/src/ufw.yml @@ -24,7 +24,7 @@ - port: ldaps proto: tcp become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install UFW ansible.builtin.include_role: From 9885c4379f84d7087d076ad1e63635b1a51776d0 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 30 Jun 2023 13:51:25 -0400 Subject: [PATCH 24/27] Update role variable names to match recent role changes ansible-lint now requires all role variables to be prefixed with the role name. --- src/cdm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cdm.yml b/src/cdm.yml index 59f4f42..171b144 100644 --- a/src/cdm.yml +++ b/src/cdm.yml @@ -8,7 +8,7 @@ ansible.builtin.include_role: name: crowdstrike vars: - third_party_bucket_name: "{{ build_bucket }}" + crowdstrike_third_party_bucket_name: "{{ build_bucket }}" - name: Configure UFW for CISA CDM traffic community.general.ufw: comment: > From dd8ddadf55186a9c27f8c25966ace95486354d40 Mon Sep 17 00:00:00 2001 
From: Jeremy Frasier Date: Fri, 30 Jun 2023 13:52:08 -0400 Subject: [PATCH 25/27] Bump version from 0.3.5 to 0.3.6 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index a8d4557..d7b30e1 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.5" +__version__ = "0.3.6" From 43089a23d6840d61963f5060ba30012ac91fd428 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 30 Jun 2023 13:52:17 -0400 Subject: [PATCH 26/27] Bump version from 0.3.6 to 0.3.6-rc.1 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index d7b30e1..705c815 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.6" +__version__ = "0.3.6-rc.1" From 0ce2ed94e8db3a781dd560df349502f6281a923d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 11 Jul 2023 16:30:54 -0400 Subject: [PATCH 27/27] Finalize version from 0.3.6-rc.1 to 0.3.6 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index 705c815..d7b30e1 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.6-rc.1" +__version__ = "0.3.6"