cisagov · cisagovbot · Aug 13, 2024 · Sep 14, 2024 · Oct 11, 2024 · Oct 11, 2024
@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

@@ -8,3 +8,17 @@
 # These folks own any files in the .github directory at the root of
 # the repository and any of its subdirectories.
 /.github/ @dav3r @felddy @jsf9k @mcdonnnj
+
+# These folks own all linting configuration files.
+/.ansible-lint @dav3r @felddy @jsf9k @mcdonnnj
+/.bandit.yml @dav3r @felddy @jsf9k @mcdonnnj
+/.flake8 @dav3r @felddy @jsf9k @mcdonnnj
+/.isort.cfg @dav3r @felddy @jsf9k @mcdonnnj
+/.mdl_config.yaml @dav3r @felddy @jsf9k @mcdonnnj
+/.pre-commit-config.yaml @dav3r @felddy @jsf9k @mcdonnnj
+/.prettierignore @dav3r @felddy @jsf9k @mcdonnnj
+/.yamllint @dav3r @felddy @jsf9k @mcdonnnj
+/requirements.txt @dav3r @felddy @jsf9k @mcdonnnj
+/requirements-dev.txt @dav3r @felddy @jsf9k @mcdonnnj
+/requirements-test.txt @dav3r @felddy @jsf9k @mcdonnnj
+/setup-env @dav3r @felddy @jsf9k @mcdonnnj
@@ -5,23 +5,54 @@
 # these updates when the pull request(s) in the appropriate skeleton are merged
 # and Lineage processes these changes.
 
-version: 2
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
+  - directory: /
     ignore:
+      # Managed by cisagov/skeleton-generic
       - dependency-name: actions/cache
       - dependency-name: actions/checkout
+      - dependency-name: actions/dependency-review-action
+      - dependency-name: actions/labeler
+      - dependency-name: actions/setup-go
       - dependency-name: actions/setup-python
+      - dependency-name: cisagov/action-job-preamble
+      - dependency-name: cisagov/setup-env-github-action
+      - dependency-name: crazy-max/ghaction-github-labeler
+      - dependency-name: github/codeql-action
+      - dependency-name: hashicorp/setup-packer
+      - dependency-name: hashicorp/setup-terraform
+      - dependency-name: mxschmitt/action-tmate
+<<<<<<< HEAD
+      - dependency-name: step-security/harden-runner
+      # Managed by cisagov/skeleton-python-library
+      - dependency-name: actions/download-artifact
+      - dependency-name: actions/upload-artifact
+      - dependency-name: github/codeql-action
+=======
+      # # Managed by cisagov/skeleton-python-library
+      # - dependency-name: actions/download-artifact
+      # - dependency-name: actions/upload-artifact
+<<<<<<< HEAD
+>>>>>>> eb5f53e20803b078ea441605573c17704a0b0412
+=======
+    labels:
+      # dependabot default we need to replicate
+      - dependencies
+      # This matches our label definition in .github/labels.yml as opposed to
+      # dependabot's default of `github_actions`.
+      - github-actions
+>>>>>>> cf0d937626ca5213720b7dd074735bc960d174b0
+    package-ecosystem: github-actions
+    schedule:
+      interval: weekly
 
-  - package-ecosystem: "pip"
-    directory: "/"
+  - directory: /
+    package-ecosystem: pip
     schedule:
-      interval: "weekly"
+      interval: weekly
 
-  - package-ecosystem: "terraform"
-    directory: "/"
+  - directory: /
+    package-ecosystem: terraform
     schedule:
-      interval: "weekly"
+      interval: weekly
+version: 2
@@ -0,0 +1,81 @@
+---
+# Each entry in this file is a label that will be applied to pull requests
+# if there is a match based on the matching rules for the entry. Please see
+# the actions/labeler documentation for more information:
+# https://github.com/actions/labeler#match-object
+#
+# Note: Verify that the label you want to use is defined in the
+# crazy-max/ghaction-github-labeler configuration file located at
+# .github/labels.yml.
+
+ansible:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/ansible/**"
+dependencies:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Add any dependency files used.
+          - .pre-commit-config.yaml
+          - requirements*.txt
+          - pyproject.toml
+docker:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/compose*.yml"
+          - "**/docker-compose*.yml"
+          - "**/Dockerfile*"
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.md"
+github-actions:
+  - changed-files:
+      - any-glob-to-any-file:
+          - .github/workflows/**
+javascript:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.js"
+packer:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.pkr.hcl"
+python:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.py"
+shell script:
+  - changed-files:
+      - any-glob-to-any-file:
+          # If this project has any shell scripts that do not end in the ".sh"
+          # extension, add them below.
+          - "**/*.sh"
+          - bump-version
+          - setup-env
+terraform:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.tf"
+test:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Add any test-related files or paths.
+          - .ansible-lint
+          - .mdl_config.yaml
+          - .yamllint
+          - pyproject.toml
+          - tests/**
+typescript:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.ts"
+upstream update:
+  - head-branch:
+      # Any Lineage pull requests should use this branch.
+      - lineage/skeleton
+version bump:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Ensure this matches your version tracking file(s).
+          - src/**/_version.py
@@ -0,0 +1,94 @@
+---
+# Rather than breaking up descriptions into multiline strings we disable that
+# specific rule in yamllint for this file.
+# yamllint disable rule:line-length
+- color: ff5850
+  description: Pull requests that update Ansible code
+  name: ansible
+- color: eb6420
+  description: This issue or pull request is awaiting the outcome of another issue or pull request
+  name: blocked
+- color: "000000"
+  description: This issue or pull request involves changes to existing functionality
+  name: breaking change
+- color: d73a4a
+  description: This issue or pull request addresses broken functionality
+  name: bug
+- color: 07648d
+  description: This issue will be advertised on code.gov's Open Tasks page (https://code.gov/open-tasks)
+  name: code.gov
+- color: 0366d6
+  description: Pull requests that update a dependency file
+  name: dependencies
+- color: 1d63ed
+  description: Pull requests that update Docker code
+  name: docker
+- color: 5319e7
+  description: This issue or pull request improves or adds to documentation
+  name: documentation
+- color: cfd3d7
+  description: This issue or pull request already exists or is covered in another issue or pull request
+  name: duplicate
+- color: b005bc
+  description: A high-level objective issue encompassing multiple issues instead of a specific unit of work
+  name: epic
+- color: "000000"
+  description: Pull requests that update GitHub Actions code
+  name: github-actions
+- color: 0e8a16
+  description: This issue or pull request is well-defined and good for newcomers
+  name: good first issue
+- color: ff7518
+  description: Pull request that should count toward Hacktoberfest participation
+  name: hacktoberfest-accepted
+- color: a2eeef
+  description: This issue or pull request will add or improve functionality, maintainability, or ease of use
+  name: improvement
+- color: fef2c0
+  description: This issue or pull request is not applicable, incorrect, or obsolete
+  name: invalid
+- color: f0db4f
+  description: Pull requests that update JavaScript code
+  name: javascript
+- color: ce099a
+  description: This pull request is ready to merge during the next Lineage Kraken release
+  name: kraken 🐙
+- color: a4fc5d
+  description: This issue or pull request requires further information
+  name: need info
+- color: fcdb45
+  description: This pull request is awaiting an action or decision to move forward
+  name: on hold
+- color: 02a8ef
+  description: Pull requests that update Packer code
+  name: packer
+- color: 3776ab
+  description: Pull requests that update Python code
+  name: python
+- color: ef476c
+  description: This issue is a request for information or needs discussion
+  name: question
+- color: d73a4a
+  description: This issue or pull request addresses a security issue
+  name: security
+- color: 4eaa25
+  description: Pull requests that update shell scripts
+  name: shell script
+- color: 7b42bc
+  description: Pull requests that update Terraform code
+  name: terraform
+- color: 00008b
+  description: This issue or pull request adds or otherwise modifies test code
+  name: test
+- color: 2678c5
+  description: Pull requests that update TypeScript code
+  name: typescript
+- color: 1d76db
+  description: This issue or pull request pulls in upstream updates
+  name: upstream update
+- color: d4c5f9
+  description: This issue or pull request increments the version number
+  name: version bump
+- color: ffffff
+  description: This issue will not be incorporated
+  name: wontfix