Merge 8cfdaf5 into 59f2bb0

cisagov · Oct 17, 2022 · 37d31c7 · 37d31c7
2 parents 59f2bb0 + 8cfdaf5
commit 37d31c7
Show file tree

Hide file tree

Showing 56 changed files with 2,634 additions and 1,546 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,22 @@
+---
+# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
+# for a list of the configuration elements that can exist in this
+# file.
+enable_list:
+  # Useful checks that one must opt-into.  See here for more details:
+  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  - fcqn-builtins
+  - no-log-password
+  - no-same-owner
+exclude_paths:
+  # This exclusion is implicit, unless exclude_paths is defined
+  - .cache
+  # Seems wise to ignore this too
+  - .github
+kinds:
+  # This will force our systemd specific molecule configurations to be treated
+  # as plain yaml files by ansible-lint. This mirrors the default kind
+  # configuration in ansible-lint for molecule configurations:
+  # yaml: "**/molecule/*/{base,molecule}.{yaml,yml}"
+  - yaml: "**/molecule/*/molecule-{no,with}-systemd.yml"
+use_default_rules: true
diff --git a/.bandit.yml b/.bandit.yml
@@ -0,0 +1,14 @@
+---
+# Configuration file for the Bandit python security scanner
+# https://bandit.readthedocs.io/en/latest/config.html
+# This config is applied to bandit when scanning the "tests" tree
+
+# Tests are first included by `tests`, and then excluded by `skips`.
+# If `tests` is empty, all tests are are considered included.
+
+tests:
+# - B101
+# - B102
+
+skips:
+  - B101  # skip "assert used" check since assertions are required in pytests
diff --git a/.coveragerc b/.coveragerc
@@ -0,0 +1,12 @@
+# This is the configuration for code coverage checks
+# https://coverage.readthedocs.io/en/latest/config.html
+
+[run]
+source = src/pshtt
+omit =
+branch = true
+
+[report]
+exclude_lines =
+    if __name__ == "__main__":
+show_missing = true
diff --git a/.dockerignore b/.dockerignore
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,28 @@
+[flake8]
+max-line-length = 80
+# Select (turn on)
+# * Complexity violations reported by mccabe (C) -
+#   http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
+# * Documentation conventions compliance reported by pydocstyle (D) -
+#   http://www.pydocstyle.org/en/stable/error_codes.html
+# * Default errors and warnings reported by pycodestyle (E and W) -
+#   https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# * Default errors reported by pyflakes (F) -
+#   http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
+# * Default warnings reported by flake8-bugbear (B) -
+#   https://github.com/PyCQA/flake8-bugbear#list-of-warnings
+# * The B950 flake8-bugbear opinionated warning -
+#   https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
+select = C,D,E,F,W,B,B950
+# Ignore flake8's default warning about "whitespace before ':'" as it is not
+# PEP 8 compliant and conflicts with black's styling.
+#
+# Ignore flake8's default warning about maximum line length, which has
+# a hard stop at the configured value.  Instead we use
+# flake8-bugbear's B950, which allows up to 10% overage.
+#
+# Also ignore flake8's warning about line breaks before binary
+# operators.  It no longer agrees with PEP8.  See, for example, here:
+# https://github.com/ambv/black/issues/21. Guido agrees here:
+# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
+ignore = E203,E501,W503
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,10 @@
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in the
+# repo. Unless a later match takes precedence, these owners will be
+# requested for review when someone opens a pull request.
+* @dav3r @felddy @jsf9k @mcdonnnj
+
+# These folks own any files in the .github directory at the root of
+# the repository and any of its subdirectories.
+/.github/ @dav3r @felddy @jsf9k @mcdonnnj
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,27 @@
+---
+
+# Any ignore directives should be uncommented in downstream projects to disable
+# Dependabot updates for the given dependency. Downstream projects will get
+# these updates when the pull request(s) in the appropriate skeleton are merged
+# and Lineage processes these changes.
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: actions/cache
+      - dependency-name: actions/checkout
+      - dependency-name: actions/setup-python
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/lineage.yml b/.github/lineage.yml
@@ -0,0 +1,5 @@
+---
+lineage:
+  skeleton:
+    remote-url: https://github.com/cisagov/skeleton-python-library.git
+version: '1'