1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Pare down linting to the essentials

Reduce the linting to the essentials that fit the scope of this project.
This commit is contained in:
Nicholas McDonnell 2021-12-15 15:02:34 -05:00
parent 83c31e7d51
commit 22ed63d41d
No known key found for this signature in database
GPG key ID: 7994ADE2A56BE5D1
9 changed files with 4 additions and 225 deletions

View file

@ -1,22 +0,0 @@
---
# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
# for a list of the configuration elements that can exist in this
# file.
enable_list:
# Useful checks that one must opt-into. See here for more details:
# https://ansible-lint.readthedocs.io/en/latest/rules.html
- fcqn-builtins
- no-log-password
- no-same-owner
exclude_paths:
# This exclusion is implicit, unless exclude_paths is defined
- .cache
# Seems wise to ignore this too
- .github
# ansible-lint doesn't like the role name in this playbook, but it's
# what molecule requires
- molecule/default/converge.yml
# These two are Molecule configuration files, not Ansible playbooks
- molecule/default/molecule-no-systemd.yml
- molecule/default/molecule-with-systemd.yml
use_default_rules: true

View file

@ -1,13 +0,0 @@
---
# Configuration file for the Bandit python security scanner
# https://bandit.readthedocs.io/en/latest/config.html
# Tests are first included by `tests`, and then excluded by `skips`.
# If `tests` is empty, all tests are are considered included.
tests:
# - B101
# - B102
skips:
# - B101 # skip "assert used" check since assertions are required in pytests

25
.flake8
View file

@ -1,25 +0,0 @@
[flake8]
max-line-length = 80
# Select (turn on)
# * Complexity violations reported by mccabe (C) -
# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
# * Documentation conventions compliance reported by pydocstyle (D) -
# http://www.pydocstyle.org/en/stable/error_codes.html
# * Default errors and warnings reported by pycodestyle (E and W) -
# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
# * Default errors reported by pyflakes (F) -
# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
# * Default warnings reported by flake8-bugbear (B) -
# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
# * The B950 flake8-bugbear opinionated warning -
# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
select = C,D,E,F,W,B,B950
# Ignore flake8's default warning about maximum line length, which has
# a hard stop at the configured value. Instead we use
# flake8-bugbear's B950, which allows up to 10% overage.
#
# Also ignore flake8's warning about line breaks before binary
# operators. It no longer agrees with PEP8. See, for example, here:
# https://github.com/ambv/black/issues/21. Guido agrees here:
# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
ignore = E501,W503

View file

@ -8,97 +8,35 @@ on:
types: [apb] types: [apb]
env: env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}
jobs: jobs:
lint: lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- id: setup-python - id: setup-python
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
python-version: 3.9 python-version: "3.10"
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- uses: actions/setup-go@v2
with:
go-version: '1.16'
- name: Store installed Go version
id: go-version
run: |
echo "::set-output name=version::"\
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
- name: Lookup Go cache directory
id: go-cache
run: |
echo "::set-output name=dir::$(go env GOCACHE)"
- uses: actions/cache@v2 - uses: actions/cache@v2
env: env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-\ py${{ steps.setup-python.outputs.python-version }}"
go${{ steps.go-version.outputs.version }}-\
packer${{ steps.setup-env.outputs.packer-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with: with:
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
# latest modules and providers instead of checking to see if an
# update is required. That behavior defeats the benefits of caching.
# so there is no point in doing it for the .terraform directory.
path: | path: |
${{ env.PIP_CACHE_DIR }} ${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }} ${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
key: "${{ env.BASE_CACHE_KEY }}\ key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}" ${{ hashFiles('**/.pre-commit-config.yaml') }}"
restore-keys: | restore-keys: |
${{ env.BASE_CACHE_KEY }} ${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
run: mkdir -p ${{ env.CURL_CACHE_DIR }}
- name: Install Packer
env:
PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
run: |
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--location \
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
sudo unzip -d /opt/packer \
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install dependencies - name: Install dependencies
run: | run: |
python -m pip install --upgrade pip python -m pip install --upgrade pip setuptools wheel
pip install --upgrade --requirement requirements-test.txt pip install --upgrade pre-commit
- name: Set up pre-commit hook environments - name: Set up pre-commit hook environments
run: pre-commit install-hooks run: pre-commit install-hooks
- name: Run pre-commit on all files - name: Run pre-commit on all files
run: pre-commit run --all-files run: pre-commit run --all-files
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE

View file

@ -1,10 +0,0 @@
[settings]
combine_star=true
force_sort_within_sections=true
import_heading_stdlib=Standard Python Libraries
import_heading_thirdparty=Third-Party Libraries
import_heading_firstparty=cisagov Libraries
# Run isort under the black profile to align with our other Python linting
profile=black

View file

@ -46,86 +46,3 @@ repos:
- id: yamllint - id: yamllint
args: args:
- --strict - --strict
# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v2.15.0
hooks:
- id: validate_manifest
# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
hooks:
- id: shfmt
args:
# Indent by two spaces
- -i
- '2'
# Binary operators may start a line
- -bn
# Switch cases are indented
- -ci
# Redirect operators are followed by a space
- -sr
- repo: https://github.com/detailyang/pre-commit-shell
rev: 1.0.5
hooks:
- id: shell-lint
# Python hooks
- repo: https://github.com/PyCQA/bandit
rev: 1.7.0
hooks:
- id: bandit
args:
- --config=.bandit.yml
- repo: https://github.com/psf/black
rev: 21.9b0
hooks:
- id: black
- repo: https://gitlab.com/pycqa/flake8
rev: 3.9.2
hooks:
- id: flake8
additional_dependencies:
- flake8-docstrings
- repo: https://github.com/PyCQA/isort
rev: 5.9.3
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v0.910-1
hooks:
- id: mypy
- repo: https://github.com/asottile/pyupgrade
rev: v2.29.0
hooks:
- id: pyupgrade
# Ansible hooks
- repo: https://github.com/ansible-community/ansible-lint
rev: v5.2.1
hooks:
- id: ansible-lint
# files: molecule/default/playbook.yml
# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.52.0
hooks:
- id: terraform_fmt
- id: terraform_validate
# Docker hooks
- repo: https://github.com/IamTheFij/docker-pre-commit
rev: v2.0.1
hooks:
- id: docker-compose-check
# Packer hooks
- repo: https://github.com/cisagov/pre-commit-packer
rev: v0.0.2
hooks:
- id: packer_validate
- id: packer_fmt

View file

@ -1,2 +0,0 @@
--requirement requirements-test.txt
ipython

View file

@ -1,2 +0,0 @@
--requirement requirements.txt
pre-commit

View file

@ -1,2 +0,0 @@
setuptools
wheel