

Merge pull request #66 from cisagov/lineage/skeleton
⚠️ CONFLICT! Lineage pull request for: skeleton
mcdonnnj authored Jul 22, 2021
2 parents b1aa84c + 6ad71a8 commit 78450f5
Showing 7 changed files with 161 additions and 44 deletions.
87 changes: 80 additions & 7 deletions .github/workflows/build.yml
Expand Up @@ -26,11 +26,13 @@ on:

env:
BUILDX_CACHE_DIR: ~/.cache/buildx
CURL_CACHE_DIR: ~/.cache/curl
IMAGE_NAME: cisagov/example
PIP_CACHE_DIR: ~/.cache/pip
PLATFORMS: "linux/amd64,linux/arm/v6,linux/arm/v7,\
linux/arm64,linux/ppc64le,linux/s390x"
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}

jobs:
lint:
Expand All @@ -39,25 +41,88 @@ jobs:
name: "Lint sources"
runs-on: ubuntu-latest
steps:
- uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v2
- id: setup-python
uses: actions/setup-python@v2
with:
python-version: 3.9
# GO_VERSION and GOCACHE are used by the cache task, so the Go
# installation must happen before that.
- uses: actions/setup-go@v2
with:
go-version: '1.16'
- name: Store installed Go version
run: |
echo "GO_VERSION="\
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')" \
>> $GITHUB_ENV
- name: Lookup Go cache directory
id: go-cache
run: |
echo "::set-output name=dir::$(go env GOCACHE)"
- uses: actions/cache@v2
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-"
py${{ steps.setup-python.outputs.python-version }}-\
go${{ env.GO_VERSION }}-\
packer${{ env.PACKER_VERSION }}-\
tf${{ env.TERRAFORM_VERSION }}-"
with:
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
# latest modules and providers instead of checking to see if an
# update is required. That behavior defeats the benefits of caching.
# so there is no point in doing it for the .terraform directory.
path: |
${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
run: mkdir -p ${{ env.CURL_CACHE_DIR }}
- name: Install Packer
run: |
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--location \
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
sudo unzip -d /opt/packer \
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- name: Install Terraform
run: |
TERRAFORM_ZIP="terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
curl --output ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \
--time-cond ${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}" \
--location \
"https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${TERRAFORM_ZIP}"
sudo unzip -d /opt/terraform \
${{ env.CURL_CACHE_DIR }}/"${TERRAFORM_ZIP}"
sudo mv /usr/local/bin/terraform /usr/local/bin/terraform-default
sudo ln -s /opt/terraform/terraform /usr/local/bin/terraform
- name: Install shfmt
run: go install mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}
- name: Install Terraform-docs
run: |
go install \
github.com/terraform-docs/terraform-docs@${TERRAFORM_DOCS_VERSION}
- name: Find and initialize Terraform directories
run: |
for path in $(find . -not \( -type d -name ".terraform" -prune \) \
-type f -iname "*.tf" -exec dirname "{}" \; | sort -u); do \
echo "Initializing '$path'..."; \
terraform init -input=false -backend=false "$path"; \
done
- name: Install dependencies
run: |
python -m pip install --upgrade pip
Expand All @@ -66,7 +131,9 @@ jobs:
run: pre-commit install-hooks
- name: Run pre-commit on all files
run: pre-commit run --all-files

- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
prepare:
# Calculates and publishes outputs that are used by other jobs.
#
Expand Down Expand Up @@ -164,10 +231,9 @@ jobs:
echo ::set-output name=source_version::$(./bump_version.sh show)
echo ::set-output name=tags::${TAGS}
echo tags=${TAGS}
- name: Setup debug session remote shell
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: github.event.inputs.remote-shell == 'true'

if: github.event.inputs.remote-shell == 'true' || env.RUN_TMATE
build:
# Builds a single test image for the native platform. This image is saved
# as an artifact and loaded by the test job.
Expand Down Expand Up @@ -236,7 +302,9 @@ jobs:
with:
name: dist
path: dist

- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
test:
# Executes tests on the single-platform image created in the "build" job.
name: "Test image"
Expand Down Expand Up @@ -275,7 +343,9 @@ jobs:
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: pytest --runslow

- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
build-push-all:
# Builds the final set of images for each of the platforms listed in
# PLATFORMS environment variable. These images are tagged with the Docker
Expand Down Expand Up @@ -359,3 +429,6 @@ jobs:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
run: ./push_readme.sh
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
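Review bot: The `if: env.RUN_TMATE` guard on the new tmate steps is true for any non-empty secret value, so a RUN_TMATE of `false` or `0` would still open a remote shell on the runner, including at the end of build-push-all right after the step that receives DOCKER_PASSWORD. Compare explicitly with `if: env.RUN_TMATE == 'true'`, and add `with:` / `limit-access-to-actor: true` so the session accepts only the SSH keys of the user who triggered the run rather than anyone who can read the connection string in the job log. `mxschmitt/action-tmate@v3` and `cisagov/setup-env-github-action@develop` are mutable references; pinning each to a full commit SHA would keep a moved tag or branch from changing what runs in these jobs. Separately, the Install Packer and Install Terraform steps `sudo unzip` the downloaded archives without checking them against the SHA256SUMS file HashiCorp publishes per release; a `sha256sum --check` before `unzip` would close that gap. The jobs these steps belong to start outside the visible hunks.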
10 changes: 0 additions & 10 deletions .mdl_config.json

This file was deleted.

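--- a/.mdl_config.yaml
+++ b/.mdl_config.yaml
@@ -0,0 +1,40 @@
+---
+
+# Default state for all rules
+default: true
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+# Enforce the ATX-closed style of header
+style: "atx_closed"
+
+# MD004/ul-style - Unordered list style
+MD004:
+# Enforce dashes for unordered lists
+style: "dash"
+
+# MD013/line-length - Line length
+MD013:
+# Do not enforce for code blocks
+code_blocks: false
+# Do not enforce for tables
+tables: false
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the
+# same content
+MD024:
+# Allow headers with the same content as long as they are not in the same
+# parent heading
+allow_different_nesting: true
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+# Enforce the `1.` style for ordered lists
+style: "one"
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+# The h1 and img elements are allowed to permit header images
+allowed_elements:
+- h1
+- img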
35 changes: 24 additions & 11 deletions .pre-commit-config.yaml
Expand Up @@ -36,9 +36,9 @@ repos:
hooks:
- id: markdownlint
args:
- --config=.mdl_config.json
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.3.0
rev: v2.3.2
hooks:
- id: prettier
- repo: https://github.com/adrienverge/yamllint
Expand All @@ -48,14 +48,27 @@ repos:
args:
- --strict

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v2.13.0
hooks:
- id: validate_manifest

# Shell script hooks
- repo: https://github.com/lovesegfault/beautysh
rev: v6.1.0
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
hooks:
- id: beautysh
- id: shfmt
args:
- --indent-size
# Indent by two spaces
- -i
- '2'
# Binary operators may start a line
- -bn
# Switch cases are indented
- -ci
# Redirect operators are followed by a space
- -sr
- repo: https://github.com/detailyang/pre-commit-shell
rev: 1.0.5
hooks:
Expand All @@ -78,7 +91,7 @@ repos:
name: bandit (everything else)
exclude: tests
- repo: https://github.com/psf/black
rev: 21.5b2
rev: 21.7b0
hooks:
- id: black
- repo: https://gitlab.com/pycqa/flake8
Expand All @@ -88,15 +101,15 @@ repos:
additional_dependencies:
- flake8-docstrings
- repo: https://github.com/PyCQA/isort
rev: 5.8.0
rev: 5.9.2
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v0.812
rev: v0.910
hooks:
- id: mypy
- repo: https://github.com/asottile/pyupgrade
rev: v2.19.1
rev: v2.21.2
hooks:
- id: pyupgrade

Expand Down Expand Up @@ -133,7 +146,7 @@ repos:

# Docker hooks
- repo: https://github.com/IamTheFij/docker-pre-commit
rev: v2.0.0
rev: v2.0.1
hooks:
- id: docker-compose-check

5 changes: 2 additions & 3 deletions bump_version.sh
Expand Up @@ -13,12 +13,11 @@ HELP_INFORMATION="bump_version.sh (show|major|minor|patch|prerelease|build|final

old_version=$(sed -n "s/^__version__ = \"\(.*\)\"$/\1/p" $VERSION_FILE)

if [ $# -ne 1 ]
then
if [ $# -ne 1 ]; then
echo "$HELP_INFORMATION"
else
case $1 in
major|minor|patch|prerelease|build)
major | minor | patch | prerelease | build)
new_version=$(python -c "import semver; print(semver.bump_$1('$old_version'))")
echo Changing version from "$old_version" to "$new_version"
tmp_file=/tmp/version.$$
14 changes: 7 additions & 7 deletions push_readme.sh
Expand Up @@ -11,19 +11,19 @@ set -o pipefail

echo "Logging in and requesting JWT..."
token=$(curl --silent --request POST \
--header "Content-Type: application/json" \
--data \
'{"username": "'"$DOCKER_USERNAME"'", "password": "'"$DOCKER_PASSWORD"'"}' \
--header "Content-Type: application/json" \
--data \
'{"username": "'"$DOCKER_USERNAME"'", "password": "'"$DOCKER_PASSWORD"'"}' \
https://hub.docker.com/v2/users/login/ | jq --raw-output .token)

echo "Pushing README file..."
code=$(jq --null-input --arg msg "$(<README.md)" \
'{"registry":"registry-1.docker.io","full_description": $msg }' | \
curl --silent --output /dev/null --location --write-out "%{http_code}" \
code=$(jq --null-input --arg msg "$(< README.md)" \
'{"registry":"registry-1.docker.io","full_description": $msg }' \
| curl --silent --output /dev/null --location --write-out "%{http_code}" \
https://hub.docker.com/v2/repositories/"${IMAGE_NAME}"/ \
--data @- --request PATCH \
--header "Content-Type: application/json" \
--header "Authorization: JWT ${token}")
--header "Authorization: JWT ${token}")

if [[ "${code}" = "200" ]]; then
printf "Successfully pushed README to Docker Hub"
14 changes: 8 additions & 6 deletions setup-env
Expand Up @@ -4,7 +4,8 @@ set -o nounset
set -o errexit
set -o pipefail

USAGE=$(cat << 'END_OF_LINE'
USAGE=$(
cat << 'END_OF_LINE'
Configure a developement environment for this repository.
It does the following:
Expand Down Expand Up @@ -35,17 +36,17 @@ FORCE=0
PARAMS=""

# Parse command line arguments
while (( "$#" )); do
while (("$#")); do
case "$1" in
-f|--force)
-f | --force)
FORCE=1
shift
;;
-h|--help)
-h | --help)
echo "${USAGE}"
exit 0
;;
-i|--install-hooks)
-i | --install-hooks)
INSTALL_HOOKS=1
shift
;;
Expand Down Expand Up @@ -160,7 +161,8 @@ pre-commit install ${INSTALL_HOOKS:+"--install-hooks"}
# This could fail if the remotes are already setup, but that is ok.
set +o errexit

eval "$(python3 << 'END_OF_LINE'
eval "$(
python3 << 'END_OF_LINE'
from pathlib import Path
import yaml
import sys

0 comments on commit 78450f5
