From a842abbfefefdb03bd1661dfb5956d7b09eeae25 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 3 Nov 2020 12:40:54 -0500 Subject: [PATCH 1/3] Insist that the cisagov devs are the owners of the .github directory This additional clause must remain at the _end_ of the CODEOWNERS file so that it cannot be overridden by a later clause. We want to make it so that all the .github files including CODEOWNERS are protected so only code owners (the dev team) can approve modifications to them. This will prevent configuration changes from breaking Actions and other management-type functions that the files in this directory control. By setting the .github files/folder to require code owner approval for changes, workflow and management changes will require dev team review and checking. Resolves #56. --- .github/CODEOWNERS | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7735a52..5671d70 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,7 +1,10 @@ # Each line is a file pattern followed by one or more owners. -# These owners will be the default owners for everything in -# the repo. Unless a later match takes precedence, -# these owners will be requested for review when someone -# opens a pull request. +# These owners will be the default owners for everything in the +# repo. Unless a later match takes precedence, these owners will be +# requested for review when someone opens a pull request. * @dav3r @felddy @hillaryj @jsf9k @mcdonnnj + +# These folks own any files in the /.github directory at the root of +# the repository and any of its subdirectories. +/.github/ @dav3r @felddy @hillaryj @jsf9k @mcdonnnj From 5b199bc86974d09044df2e510d7ac4c6ba4ad850 Mon Sep 17 00:00:00 2001 
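Review bot: The requirement that the `/.github/` rule stay last is recorded only in the commit message. The comment added above the rule in `.github/CODEOWNERS` says nothing about ordering, so a later edit could append a pattern beneath it that takes precedence for files under that directory. I would add a line to that comment such as `# This rule must remain the last entry in this file so that no later pattern can override it.` The protection described in the message presumably also depends on the branch protection setting that requires code-owner review, which is not visible in this patch and is worth confirming.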
From: Jeremy Frasier Date: Tue, 3 Nov 2020 14:51:18 -0500 Subject: [PATCH 2/3] Remove offending slash Thanks to @dav3r and @mcdonnnj for the suggestion. --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 5671d70..9c3d21f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,6 +5,6 @@ # requested for review when someone opens a pull request. * @dav3r @felddy @hillaryj @jsf9k @mcdonnnj -# These folks own any files in the /.github directory at the root of +# These folks own any files in the .github directory at the root of # the repository and any of its subdirectories. /.github/ @dav3r @felddy @hillaryj @jsf9k @mcdonnnj From 64c3fb61ab1eb832821d57882f42407e88970740 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sun, 15 Nov 2020 23:02:59 -0500 Subject: [PATCH 3/3] Organize pre-commit hooks Group related pre-commit hooks together. Make sure that hooks are alphabetically sorted within those groups. --- .pre-commit-config.yaml | 48 +++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7362f89..e9dde69 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -26,30 +26,30 @@ repos: - --autofix - id: requirements-txt-fixer - id: trailing-whitespace + + # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli rev: v0.24.0 hooks: - id: markdownlint args: - --config=.mdl_config.json + - repo: https://github.com/prettier/pre-commit + rev: v2.1.2 + hooks: + - id: prettier - repo: https://github.com/adrienverge/yamllint rev: v1.25.0 hooks: - id: yamllint + + # Shell script hooks - repo: https://github.com/detailyang/pre-commit-shell rev: 1.0.5 hooks: - id: shell-lint - - repo: https://gitlab.com/pycqa/flake8 - rev: 3.8.4 - hooks: - - id: flake8 - additional_dependencies: - - flake8-docstrings - - repo: https://github.com/asottile/pyupgrade - rev: v2.7.2 - hooks: - - id: pyupgrade + + # Python hooks - repo: https://github.com/PyCQA/bandit rev: 1.6.2 hooks: @@ -60,15 +60,33 @@ repos: rev: 20.8b1 hooks: - id: black + - repo: https://gitlab.com/pycqa/flake8 + rev: 3.8.4 + hooks: + - id: flake8 + additional_dependencies: + - flake8-docstrings - repo: https://github.com/timothycrosley/isort rev: 5.6.4 hooks: - id: isort + - repo: https://github.com/pre-commit/mirrors-mypy + rev: v0.790 + hooks: + - id: mypy + - repo: https://github.com/asottile/pyupgrade + rev: v2.7.2 + hooks: + - id: pyupgrade + + # Ansible hooks - repo: https://github.com/ansible/ansible-lint.git rev: v4.3.5 hooks: - id: ansible-lint # files: molecule/default/playbook.yml + + # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform.git rev: v1.43.0 hooks: @@ -89,15 +107,9 @@ repos: # above have been resolved, which we hope will be with the release of # Terraform 0.13. # - id: terraform_validate + + # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit rev: v2.0.0 hooks: - id: docker-compose-check - - repo: https://github.com/prettier/pre-commit - rev: v2.1.2 - hooks: - - id: prettier - - repo: https://github.com/pre-commit/mirrors-mypy - rev: v0.790 - hooks: - - id: mypy
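Review bot: In the first hunk (`@@ -26,30 +26,30 @@`) the relocated prettier entry is pinned with a tag (`rev: v2.1.2`), and a tag can be re-pointed upstream, so this file does not fix the code these hooks run on contributor machines (and in CI, if they run there). Since the entries are being moved anyway, consider pinning each `rev` to the full commit SHA and keeping the tag as a trailing comment, for example `rev: <full-commit-sha>  # v2.1.2`; `pre-commit autoupdate --freeze` writes that form. The same applies to the flake8, mypy and pyupgrade entries re-added in the second hunk. The `repos:` list begins outside this hunk.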
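Review bot: Sorting the Python group alphabetically in the second hunk (`@@ -60,15 +60,33 @@`) also changes execution order, because pre-commit runs hooks in the order they are listed. pyupgrade used to run before black and now runs after black, isort and mypy, so code it rewrites is no longer reformatted in the same run and a second pass may be needed. If that order matters, keep pyupgrade ahead of black and record the exception, e.g. `# pyupgrade is listed before black so that its rewrites get reformatted`. Otherwise extend the `# Python hooks` comment to say the order is alphabetical by design.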