Lineage pull request for: skeleton

.ansible-lint

@@ -0,0 +1,22 @@
+---
+# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
+# for a list of the configuration elements that can exist in this
+# file.
+enable_list:
+  # Useful checks that one must opt-into.  See here for more details:
+  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  - fcqn-builtins
+  - no-log-password
+  - no-same-owner
+exclude_paths:
+  # This exclusion is implicit, unless exclude_paths is defined
+  - .cache
+  # Seems wise to ignore this too
+  - .github
+  # ansible-lint doesn't like the role name in this playbook, but it's
+  # what molecule requires
+  - molecule/default/converge.yml
+  # These two are Molecule configuration files, not Ansible playbooks
+  - molecule/default/molecule-no-systemd.yml
+  - molecule/default/molecule-with-systemd.yml
+use_default_rules: true

.github/dependabot.yml

@@ -11,3 +11,8 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/build.yml

@@ -17,22 +17,23 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: cisagov/setup-env-github-action@develop
+      - id: setup-env
+        uses: cisagov/setup-env-github-action@develop
       - uses: actions/checkout@v2
       - id: setup-python
         uses: actions/setup-python@v2
         with:
           python-version: 3.9
-      # GO_VERSION and GOCACHE are used by the cache task, so the Go
-      # installation must happen before that.
+      # We need the Go version and Go cache location for the actions/cache step,
+      # so the Go installation must happen before that.
       - uses: actions/setup-go@v2
         with:
           go-version: '1.16'
       - name: Store installed Go version
+        id: go-version
         run: |
-          echo "GO_VERSION="\
-          "$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')" \
-          >> $GITHUB_ENV
+          echo "::set-output name=version::"\
+          "$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
       - name: Lookup Go cache directory
         id: go-cache
         run: |
@@ -41,9 +42,9 @@ jobs:
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ steps.setup-python.outputs.python-version }}-\
-            go${{ env.GO_VERSION }}-\
-            packer${{ env.PACKER_VERSION }}-\
-            tf${{ env.TERRAFORM_VERSION }}-"
+            go${{ steps.go-version.outputs.version }}-\
+            packer${{ steps.setup-env.outputs.packer-version }}-\
+            tf${{ steps.setup-env.outputs.terraform-version }}-"
         with:
           # Note that the .terraform directory IS NOT included in the
           # cache because if we were caching, then we would need to use
@@ -65,6 +66,8 @@ jobs:
       - name: Setup curl cache
         run: mkdir -p ${{ env.CURL_CACHE_DIR }}
       - name: Install Packer
+        env:
+          PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
         run: |
           PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
           curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
@@ -77,13 +80,17 @@ jobs:
           sudo ln -s /opt/packer/packer /usr/local/bin/packer
       - uses: hashicorp/setup-terraform@v1
         with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
+          terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
       - name: Install shfmt
-        run: go install mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}
+        env:
+          PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
+          PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
+        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       - name: Install Terraform-docs
-        run: |
-          go install \
-            github.com/terraform-docs/terraform-docs@${TERRAFORM_DOCS_VERSION}
+        env:
+          PACKAGE_URL: github.com/terraform-docs/terraform-docs
+          PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
+        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip

.pre-commit-config.yaml

@@ -31,25 +31,25 @@ repos:
 
   # Text file hooks
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.28.1
+    rev: v0.29.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v2.3.2
+    rev: v2.4.1
     hooks:
       - id: prettier
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.26.2
+    rev: v1.26.3
     hooks:
       - id: yamllint
         args:
           - --strict
 
   # pre-commit hooks
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v2.14.0
+    rev: v2.15.0
     hooks:
       - id: validate_manifest
 
@@ -81,7 +81,7 @@ repos:
         args:
           - --config=.bandit.yml
   - repo: https://github.com/psf/black
-    rev: 21.7b0
+    rev: 21.9b0
     hooks:
       - id: black
   - repo: https://gitlab.com/pycqa/flake8
@@ -95,26 +95,24 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.910
+    rev: v0.910-1
     hooks:
       - id: mypy
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.23.3
+    rev: v2.29.0
     hooks:
       - id: pyupgrade
 
   # Ansible hooks
   - repo: https://github.com/ansible-community/ansible-lint
-    # This is intentionally being held back because of issues in v5 per
-    # https://github.com/cisagov/skeleton-ansible-role/issues/69
-    rev: v4.3.7
+    rev: v5.2.1
     hooks:
       - id: ansible-lint
       # files: molecule/default/playbook.yml
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.50.0
+    rev: v1.52.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate