Merge pull request #302 from cisagov/initial_skeletonization

Initial Integration of skeleton-generic

.bandit.yml

@@ -0,0 +1,13 @@
+---
+# Configuration file for the Bandit python security scanner
+# https://bandit.readthedocs.io/en/latest/config.html
+
+# Tests are first included by `tests`, and then excluded by `skips`.
+# If `tests` is empty, all tests are are considered included.
+
+tests:
+# - B101
+# - B102
+
+skips:
+# - B101 # skip "assert used" check since assertions are required in pytests

.flake8

@@ -0,0 +1,25 @@
+[flake8]
+max-line-length = 80
+# Select (turn on)
+# * Complexity violations reported by mccabe (C) -
+# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
+# * Documentation conventions compliance reported by pydocstyle (D) -
+# http://www.pydocstyle.org/en/stable/error_codes.html
+# * Default errors and warnings reported by pycodestyle (E and W) -
+# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# * Default errors reported by pyflakes (F) -
+# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
+# * Default warnings reported by flake8-bugbear (B) -
+# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
+# * The B950 flake8-bugbear opinionated warning -
+# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
+select = C,D,E,F,W,B,B950
+# Ignore flake8's default warning about maximum line length, which has
+# a hard stop at the configured value. Instead we use
+# flake8-bugbear's B950, which allows up to 10% overage.
+#
+# Also ignore flake8's warning about line breaks before binary
+# operators. It no longer agrees with PEP8. See, for example, here:
+# https://github.com/ambv/black/issues/21. Guido agrees here:
+# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
+ignore = E501,W503

.github/CODEOWNERS

@@ -1,7 +1,10 @@
 # Each line is a file pattern followed by one or more owners.
 
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence,
-# these owners will be requested for review when someone
-# opens a pull request.
-* @dav3r @felddy @hillaryj @jsf9k @mcdonnnj @cisagov/team-ois
+# These owners will be the default owners for everything in the
+# repo. Unless a later match takes precedence, these owners will be
+# requested for review when someone opens a pull request.
+* @dav3r @felddy @hillaryj @jsf9k @mcdonnnj
+
+# These folks own any files in the .github directory at the root of
+# the repository and any of its subdirectories.
+/.github/ @dav3r @felddy @hillaryj @jsf9k @mcdonnnj

.github/dependabot.yml

@@ -0,0 +1,13 @@
+---
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"

.github/lineage.yml

@@ -0,0 +1,6 @@
+---
+version: "1"
+
+lineage:
+ skeleton:
+ remote-url: https://github.com/cisagov/skeleton-generic.git

.github/workflows/build.yml

@@ -0,0 +1,44 @@
+---
+name: build
+
+on:
+ push:
+ pull_request:
+ repository_dispatch:
+ types: [apb]
+
+env:
+ PIP_CACHE_DIR: ~/.cache/pip
+ PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - id: setup-python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+ - uses: actions/cache@v2
+ env:
+ BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
+ py${{ steps.setup-python.outputs.python-version }}-"
+ with:
+ path: |
+ ${{ env.PIP_CACHE_DIR }}
+ ${{ env.PRE_COMMIT_CACHE_DIR }}
+ key: "${{ env.BASE_CACHE_KEY }}\
+ ${{ hashFiles('**/requirements-test.txt') }}-\
+ ${{ hashFiles('**/requirements.txt') }}-\
+ ${{ hashFiles('**/.pre-commit-config.yaml') }}"
+ restore-keys: |
+ ${{ env.BASE_CACHE_KEY }}
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install --upgrade --requirement requirements-test.txt
+ - name: Set up pre-commit hook environments
+ run: pre-commit install-hooks
+ - name: Run pre-commit on all files
+ run: pre-commit run --all-files

.gitignore

@@ -1,7 +1,11 @@
-*~
-playbook.retry
+__pycache__
+.coverage
+.mypy_cache
+.pytest_cache
 .python-version
 .terraform
-terraform.tfstate*
-*.tfvars
 *.dyn.tf
+*.tfvars
+packer_cache
+terraform.tfstate
+terraform.tfstate.backup

.isort.cfg

@@ -0,0 +1,10 @@
+[settings]
+combine_star=true
+force_sort_within_sections=true
+
+import_heading_stdlib=Standard Python Libraries
+import_heading_thirdparty=Third-Party Libraries
+import_heading_firstparty=cisagov Libraries
+
+# Run isort under the black profile to align with our other Python linting
+profile=black

.mdl_config.json

@@ -0,0 +1,10 @@
+{
+ "MD013": {
+ "code_blocks": false,
+ "tables": false
+ },
+ "MD024": {
+ "allow_different_nesting": true
+ },
+ "default": true
+}

.pre-commit-config.yaml

@@ -0,0 +1,115 @@
+---
+default_language_version:
+ # force all unspecified python hooks to run python3
+ python: python3
+
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v3.2.0
+ hooks:
+ - id: check-executables-have-shebangs
+ - id: check-json
+ - id: check-merge-conflict
+ - id: check-xml
+ - id: debug-statements
+ - id: detect-aws-credentials
+ args:
+ - --allow-missing-credentials
+ - id: detect-private-key
+ - id: end-of-file-fixer
+ exclude: files/(issue|motd)
+ - id: mixed-line-ending
+ args:
+ - --fix=lf
+ - id: pretty-format-json
+ args:
+ - --autofix
+ - id: requirements-txt-fixer
+ - id: trailing-whitespace
+
+ # Text file hooks
+ # - repo: https://github.com/igorshubovych/markdownlint-cli
+ # rev: v0.24.0
+ # hooks:
+ # - id: markdownlint
+ # args:
+ # - --config=.mdl_config.json
+ - repo: https://github.com/prettier/pre-commit
+ rev: v2.1.2
+ hooks:
+ - id: prettier
+ # - repo: https://github.com/adrienverge/yamllint
+ # rev: v1.25.0
+ # hooks:
+ # - id: yamllint
+
+ # Shell script hooks
+ # - repo: https://github.com/detailyang/pre-commit-shell
+ # rev: 1.0.5
+ # hooks:
+ # - id: shell-lint
+
+ # Python hooks
+ # - repo: https://github.com/PyCQA/bandit
+ # rev: 1.6.2
+ # hooks:
+ # - id: bandit
+ # args:
+ # - --config=.bandit.yml
+ # - repo: https://github.com/python/black
+ # rev: 20.8b1
+ # hooks:
+ # - id: black
+ # - repo: https://gitlab.com/pycqa/flake8
+ # rev: 3.8.4
+ # hooks:
+ # - id: flake8
+ # additional_dependencies:
+ # - flake8-docstrings
+ # - repo: https://github.com/timothycrosley/isort
+ # rev: 5.6.4
+ # hooks:
+ # - id: isort
+ # - repo: https://github.com/pre-commit/mirrors-mypy
+ # rev: v0.790
+ # hooks:
+ # - id: mypy
+ # - repo: https://github.com/asottile/pyupgrade
+ # rev: v2.7.2
+ # hooks:
+ # - id: pyupgrade
+
+ # Ansible hooks
+ # - repo: https://github.com/ansible/ansible-lint.git
+ # rev: v4.3.5
+ # hooks:
+ # - id: ansible-lint
+ # # files: molecule/default/playbook.yml
+
+ # Terraform hooks
+ - repo: https://github.com/antonbabenko/pre-commit-terraform.git
+ rev: v1.43.0
+ hooks:
+ - id: terraform_fmt
+ # There are ongoing issues with how this command works. This issue
+ # documents the core issue:
+ # https://github.com/hashicorp/terraform/issues/21408
+ # We have seen issues primarily with proxy providers and Terraform code
+ # that uses remote state. The PR
+ # https://github.com/hashicorp/terraform/pull/24887
+ # has been approved and is part of the 0.13 release to resolve the issue
+ # with remote states.
+ # The PR
+ # https://github.com/hashicorp/terraform/pull/24896
+ # is a proprosed fix to deal with `terraform validate` with proxy
+ # providers (among other configurations).
+ # We have decided to disable the terraform_validate hook until the issues
+ # above have been resolved, which we hope will be with the release of
+ # Terraform 0.13.
+ # - id: terraform_validate
+
+ # Docker hooks
+ # - repo: https://github.com/IamTheFij/docker-pre-commit
+ # rev: v2.0.0
+ # hooks:
+ # - id: docker-compose-check

.prettierignore

@@ -0,0 +1,7 @@
+# Already being linted by pretty-format-json
+*.json
+# Already being linted by mdl
+*.md
+# Already being linted by yamllint
+*.yaml
+*.yml

.yamllint

@@ -0,0 +1,7 @@
+---
+extends: default
+
+rules:
+ # yamllint doesn't like when we use yes and no for true and false,
+ # but that's pretty standard in Ansible.
+ truthy: disable