Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton

# Conflicts: # .github/dependabot.yml
cisagov · Sep 13, 2023 · 3cdf114 · 3cdf114
2 parents ed103e3 + ca49bea
commit 3cdf114
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 10 deletions.
diff --git a/.bandit.yml b/.bandit.yml
@@ -4,7 +4,7 @@
 # This config is applied to bandit when scanning the "tests" tree
 
 # Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
+# If `tests` is empty, all tests are considered included.
 
 tests:
 # - B101

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,8 +5,8 @@
 # these updates when the pull request(s) in the appropriate skeleton are merged
 # and Lineage processes these changes.
 
-version: 2
 updates:
+<<<<<<< HEAD
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -25,10 +25,29 @@ updates:
 
   - package-ecosystem: "pip"
     directory: "/"
+=======
+  - directory: /
+    # ignore:
+    #   # Managed by cisagov/skeleton-generic
+    #   - dependency-name: actions/cache
+    #   - dependency-name: actions/checkout
+    #   - dependency-name: actions/setup-go
+    #   - dependency-name: actions/setup-python
+    #   - dependency-name: crazy-max/ghaction-github-labeler
+    #   - dependency-name: hashicorp/setup-terraform
+    #   - dependency-name: mxschmitt/action-tmate
+    package-ecosystem: github-actions
+>>>>>>> ca49beaa65e53617b4414e4ab72d48a3d1deee62
     schedule:
-      interval: "weekly"
+      interval: weekly
 
-  - package-ecosystem: "terraform"
-    directory: "/"
+  - directory: /
+    package-ecosystem: pip
     schedule:
-      interval: "weekly"
+      interval: weekly
+
+  - directory: /
+    package-ecosystem: terraform
+    schedule:
+      interval: weekly
+version: 2
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - id: setup-env
         uses: cisagov/setup-env-github-action@develop
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: setup-python
         uses: actions/setup-python@v4
         with:
@@ -84,11 +84,26 @@ jobs:
       - uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
+      - name: Install go-critic
+        env:
+          PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
+          PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
+        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
+      - name: Install gosec
+        env:
+          PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
+          PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
+        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       - name: Install shfmt
         env:
           PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
           PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
         run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
+      - name: Install staticcheck
+        env:
+          PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
+          PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
+        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       - name: Install Terraform-docs
         env:
           PACKAGE_URL: github.com/terraform-docs/terraform-docs

diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
@@ -19,10 +19,10 @@ jobs:
       issues: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Sync repository labels
         if: success()
-        uses: crazy-max/ghaction-github-labeler@v4
+        uses: crazy-max/ghaction-github-labeler@v5
         with:
           # This is a hideous ternary equivalent so we only do a dry run unless
           # this workflow is triggered by the develop branch.

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -79,6 +79,12 @@ repos:
       # GoSec
       - id: go-sec-repo-mod
 
+  # Nix hooks
+  - repo: https://github.com/nix-community/nixpkgs-fmt
+    rev: v1.3.0
+    hooks:
+      - id: nixpkgs-fmt
+
   # Shell script hooks
   - repo: https://github.com/cisagov/pre-commit-shfmt
     rev: v0.0.2
@@ -142,7 +148,7 @@ repos:
       - id: pyupgrade
 
   # Ansible hooks
-  - repo: https://github.com/ansible-community/ansible-lint
+  - repo: https://github.com/ansible/ansible-lint
     rev: v6.17.0
     hooks:
       - id: ansible-lint