mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-22 16:40:48 +00:00
Pare down linting to the essentials
Reduce the linting to the essentials that fit the scope of this project.
parent
83c31e7d51
commit
22ed63d41d
9 changed files with 4 additions and 225 deletions
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
|
|
||||||
# for a list of the configuration elements that can exist in this
|
|
||||||
# file.
|
|
||||||
enable_list:
|
|
||||||
# Useful checks that one must opt-into. See here for more details:
|
|
||||||
# https://ansible-lint.readthedocs.io/en/latest/rules.html
|
|
||||||
- fcqn-builtins
|
|
||||||
- no-log-password
|
|
||||||
- no-same-owner
|
|
||||||
exclude_paths:
|
|
||||||
# This exclusion is implicit, unless exclude_paths is defined
|
|
||||||
- .cache
|
|
||||||
# Seems wise to ignore this too
|
|
||||||
- .github
|
|
||||||
# ansible-lint doesn't like the role name in this playbook, but it's
|
|
||||||
# what molecule requires
|
|
||||||
- molecule/default/converge.yml
|
|
||||||
# These two are Molecule configuration files, not Ansible playbooks
|
|
||||||
- molecule/default/molecule-no-systemd.yml
|
|
||||||
- molecule/default/molecule-with-systemd.yml
|
|
||||||
use_default_rules: true
|
|
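--- a/.bandit.yml
+++ b/.bandit.yml
@@ -1,13 +0,0 @@
----
-# Configuration file for the Bandit python security scanner
-# https://bandit.readthedocs.io/en/latest/config.html
-
-# Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
-
-tests:
-# - B101
-# - B102
-
-skips:
-# - B101 # skip "assert used" check since assertions are required in pytests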
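--- a/.flake8
+++ b/.flake8
@@ -1,25 +0,0 @@
-[flake8]
-max-line-length = 80
-# Select (turn on)
-# * Complexity violations reported by mccabe (C) -
-# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
-# * Documentation conventions compliance reported by pydocstyle (D) -
-# http://www.pydocstyle.org/en/stable/error_codes.html
-# * Default errors and warnings reported by pycodestyle (E and W) -
-# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
-# * Default errors reported by pyflakes (F) -
-# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
-# * Default warnings reported by flake8-bugbear (B) -
-# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
-# * The B950 flake8-bugbear opinionated warning -
-# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
-select = C,D,E,F,W,B,B950
-# Ignore flake8's default warning about maximum line length, which has
-# a hard stop at the configured value. Instead we use
-# flake8-bugbear's B950, which allows up to 10% overage.
-#
-# Also ignore flake8's warning about line breaks before binary
-# operators. It no longer agrees with PEP8. See, for example, here:
-# https://github.com/ambv/black/issues/21. Guido agrees here:
-# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
-ignore = E501,W503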
70
.github/workflows/build.yml
vendored
70
.github/workflows/build.yml
vendored
|
@ -8,97 +8,35 @@ on:
|
||||||
types: [apb]
|
types: [apb]
|
||||||
|
|
||||||
env:
|
env:
|
||||||
CURL_CACHE_DIR: ~/.cache/curl
|
|
||||||
PIP_CACHE_DIR: ~/.cache/pip
|
PIP_CACHE_DIR: ~/.cache/pip
|
||||||
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
|
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
|
||||||
RUN_TMATE: ${{ secrets.RUN_TMATE }}
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- id: setup-env
|
|
||||||
uses: cisagov/setup-env-github-action@develop
|
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- id: setup-python
|
- id: setup-python
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
with:
|
with:
|
||||||
python-version: 3.9
|
python-version: "3.10"
|
||||||
# We need the Go version and Go cache location for the actions/cache step,
|
|
||||||
# so the Go installation must happen before that.
|
|
||||||
- uses: actions/setup-go@v2
|
|
||||||
with:
|
|
||||||
go-version: '1.16'
|
|
||||||
- name: Store installed Go version
|
|
||||||
id: go-version
|
|
||||||
run: |
|
|
||||||
echo "::set-output name=version::"\
|
|
||||||
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
|
|
||||||
- name: Lookup Go cache directory
|
|
||||||
id: go-cache
|
|
||||||
run: |
|
|
||||||
echo "::set-output name=dir::$(go env GOCACHE)"
|
|
||||||
- uses: actions/cache@v2
|
- uses: actions/cache@v2
|
||||||
env:
|
env:
|
||||||
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
|
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
|
||||||
py${{ steps.setup-python.outputs.python-version }}-\
|
py${{ steps.setup-python.outputs.python-version }}"
|
||||||
go${{ steps.go-version.outputs.version }}-\
|
|
||||||
packer${{ steps.setup-env.outputs.packer-version }}-\
|
|
||||||
tf${{ steps.setup-env.outputs.terraform-version }}-"
|
|
||||||
with:
|
with:
|
||||||
# Note that the .terraform directory IS NOT included in the
|
|
||||||
# cache because if we were caching, then we would need to use
|
|
||||||
# the `-upgrade=true` option. This option blindly pulls down the
|
|
||||||
# latest modules and providers instead of checking to see if an
|
|
||||||
# update is required. That behavior defeats the benefits of caching.
|
|
||||||
# so there is no point in doing it for the .terraform directory.
|
|
||||||
path: |
|
path: |
|
||||||
${{ env.PIP_CACHE_DIR }}
|
${{ env.PIP_CACHE_DIR }}
|
||||||
${{ env.PRE_COMMIT_CACHE_DIR }}
|
${{ env.PRE_COMMIT_CACHE_DIR }}
|
||||||
${{ env.CURL_CACHE_DIR }}
|
|
||||||
${{ steps.go-cache.outputs.dir }}
|
|
||||||
key: "${{ env.BASE_CACHE_KEY }}\
|
key: "${{ env.BASE_CACHE_KEY }}\
|
||||||
${{ hashFiles('**/requirements-test.txt') }}-\
|
|
||||||
${{ hashFiles('**/requirements.txt') }}-\
|
|
||||||
${{ hashFiles('**/.pre-commit-config.yaml') }}"
|
${{ hashFiles('**/.pre-commit-config.yaml') }}"
|
||||||
restore-keys: |
|
restore-keys: |
|
||||||
${{ env.BASE_CACHE_KEY }}
|
${{ env.BASE_CACHE_KEY }}
|
||||||
- name: Setup curl cache
|
|
||||||
run: mkdir -p ${{ env.CURL_CACHE_DIR }}
|
|
||||||
- name: Install Packer
|
|
||||||
env:
|
|
||||||
PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
|
|
||||||
run: |
|
|
||||||
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
|
|
||||||
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
|
|
||||||
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
|
|
||||||
--location \
|
|
||||||
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
|
|
||||||
sudo unzip -d /opt/packer \
|
|
||||||
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
|
|
||||||
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
|
|
||||||
sudo ln -s /opt/packer/packer /usr/local/bin/packer
|
|
||||||
- uses: hashicorp/setup-terraform@v1
|
|
||||||
with:
|
|
||||||
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
|
|
||||||
- name: Install shfmt
|
|
||||||
env:
|
|
||||||
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
|
|
||||||
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
|
|
||||||
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
|
|
||||||
- name: Install Terraform-docs
|
|
||||||
env:
|
|
||||||
PACKAGE_URL: github.com/terraform-docs/terraform-docs
|
|
||||||
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
|
|
||||||
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: |
|
run: |
|
||||||
python -m pip install --upgrade pip
|
python -m pip install --upgrade pip setuptools wheel
|
||||||
pip install --upgrade --requirement requirements-test.txt
|
pip install --upgrade pre-commit
|
||||||
- name: Set up pre-commit hook environments
|
- name: Set up pre-commit hook environments
|
||||||
run: pre-commit install-hooks
|
run: pre-commit install-hooks
|
||||||
- name: Run pre-commit on all files
|
- name: Run pre-commit on all files
|
||||||
run: pre-commit run --all-files
|
run: pre-commit run --all-files
|
||||||
- name: Setup tmate debug session
|
|
||||||
uses: mxschmitt/action-tmate@v3
|
|
||||||
if: env.RUN_TMATE
|
|
||||||
|
|
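Review bot: The new `Install dependencies` step runs `pip install --upgrade pre-commit` with no version constraint, so with the requirements files removed nothing in the repository fixes which pre-commit release (or which pip, setuptools and wheel) the lint job executes. Pinning it, for example `pip install pre-commit==<PINNED_VERSION>`, keeps runs reproducible and makes a new upstream release arrive through a reviewed change rather than silently on the next run. Separately, the shortened `BASE_CACHE_KEY` now ends in `py${{ steps.setup-python.outputs.python-version }}"` without the trailing `-` the old value carried, so `key` appears to join the Python version directly to the `hashFiles('**/.pre-commit-config.yaml')` digest; ending that line with `}}-"` would restore the separator. The `on:` block this hunk opens in starts outside the hunk.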
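--- a/.isort.cfg
+++ b/.isort.cfg
@@ -1,10 +0,0 @@
-[settings]
-combine_star=true
-force_sort_within_sections=true
-
-import_heading_stdlib=Standard Python Libraries
-import_heading_thirdparty=Third-Party Libraries
-import_heading_firstparty=cisagov Libraries
-
-# Run isort under the black profile to align with our other Python linting
-profile=black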
|
@ -46,86 +46,3 @@ repos:
|
||||||
- id: yamllint
|
- id: yamllint
|
||||||
args:
|
args:
|
||||||
- --strict
|
- --strict
|
||||||
|
|
||||||
# pre-commit hooks
|
|
||||||
- repo: https://github.com/pre-commit/pre-commit
|
|
||||||
rev: v2.15.0
|
|
||||||
hooks:
|
|
||||||
- id: validate_manifest
|
|
||||||
|
|
||||||
# Shell script hooks
|
|
||||||
- repo: https://github.com/cisagov/pre-commit-shfmt
|
|
||||||
rev: v0.0.2
|
|
||||||
hooks:
|
|
||||||
- id: shfmt
|
|
||||||
args:
|
|
||||||
# Indent by two spaces
|
|
||||||
- -i
|
|
||||||
- '2'
|
|
||||||
# Binary operators may start a line
|
|
||||||
- -bn
|
|
||||||
# Switch cases are indented
|
|
||||||
- -ci
|
|
||||||
# Redirect operators are followed by a space
|
|
||||||
- -sr
|
|
||||||
- repo: https://github.com/detailyang/pre-commit-shell
|
|
||||||
rev: 1.0.5
|
|
||||||
hooks:
|
|
||||||
- id: shell-lint
|
|
||||||
|
|
||||||
# Python hooks
|
|
||||||
- repo: https://github.com/PyCQA/bandit
|
|
||||||
rev: 1.7.0
|
|
||||||
hooks:
|
|
||||||
- id: bandit
|
|
||||||
args:
|
|
||||||
- --config=.bandit.yml
|
|
||||||
- repo: https://github.com/psf/black
|
|
||||||
rev: 21.9b0
|
|
||||||
hooks:
|
|
||||||
- id: black
|
|
||||||
- repo: https://gitlab.com/pycqa/flake8
|
|
||||||
rev: 3.9.2
|
|
||||||
hooks:
|
|
||||||
- id: flake8
|
|
||||||
additional_dependencies:
|
|
||||||
- flake8-docstrings
|
|
||||||
- repo: https://github.com/PyCQA/isort
|
|
||||||
rev: 5.9.3
|
|
||||||
hooks:
|
|
||||||
- id: isort
|
|
||||||
- repo: https://github.com/pre-commit/mirrors-mypy
|
|
||||||
rev: v0.910-1
|
|
||||||
hooks:
|
|
||||||
- id: mypy
|
|
||||||
- repo: https://github.com/asottile/pyupgrade
|
|
||||||
rev: v2.29.0
|
|
||||||
hooks:
|
|
||||||
- id: pyupgrade
|
|
||||||
|
|
||||||
# Ansible hooks
|
|
||||||
- repo: https://github.com/ansible-community/ansible-lint
|
|
||||||
rev: v5.2.1
|
|
||||||
hooks:
|
|
||||||
- id: ansible-lint
|
|
||||||
# files: molecule/default/playbook.yml
|
|
||||||
|
|
||||||
# Terraform hooks
|
|
||||||
- repo: https://github.com/antonbabenko/pre-commit-terraform
|
|
||||||
rev: v1.52.0
|
|
||||||
hooks:
|
|
||||||
- id: terraform_fmt
|
|
||||||
- id: terraform_validate
|
|
||||||
|
|
||||||
# Docker hooks
|
|
||||||
- repo: https://github.com/IamTheFij/docker-pre-commit
|
|
||||||
rev: v2.0.1
|
|
||||||
hooks:
|
|
||||||
- id: docker-compose-check
|
|
||||||
|
|
||||||
# Packer hooks
|
|
||||||
- repo: https://github.com/cisagov/pre-commit-packer
|
|
||||||
rev: v0.0.2
|
|
||||||
hooks:
|
|
||||||
- id: packer_validate
|
|
||||||
- id: packer_fmt
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
--requirement requirements-test.txt
|
|
||||||
ipython
|
|
|
@ -1,2 +0,0 @@
|
||||||
--requirement requirements.txt
|
|
||||||
pre-commit
|
|
|
@ -1,2 +0,0 @@
|
||||||
setuptools
|
|
||||||
wheel
|
|