From b5e5c11bcd63fcf556d31e3753eb7b84e0a85e3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Sep 2023 02:01:21 +0000 Subject: [PATCH 001/104] Bump crazy-max/ghaction-github-status from 3 to 4 Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4. - [Release notes](https://github.com/crazy-max/ghaction-github-status/releases) - [Commits](https://github.com/crazy-max/ghaction-github-status/compare/v3...v4) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-status dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..894bb58 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,7 +27,7 @@ jobs: egress-policy: audit - id: github-status name: Check GitHub status - uses: crazy-max/ghaction-github-status@v3 + uses: crazy-max/ghaction-github-status@v4 - id: dump-context name: Dump context uses: crazy-max/ghaction-dump-context@v2 From 371179ef14354df4d00d7f961754ddb86c30929b Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 13 Sep 2023 12:48:59 -0400 Subject: [PATCH 002/104] Add a diagnostics job for the label syncing workflow Also add a runner hardening task to the labeler job. --- .github/workflows/sync-labels.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 44e8e19..5a20438 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -11,7 +11,26 @@ permissions: contents: read jobs: + diagnostics: + name: Run diagnostics + runs-on: ubuntu-latest + steps: + # Note that a duplicate of this step must be added at the top of + # each job. + - id: harden-runner + name: Harden the runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + - id: github-status + name: Check GitHub status + uses: crazy-max/ghaction-github-status@v3 + - id: dump-context + name: Dump context + uses: crazy-max/ghaction-dump-context@v2 labeler: + needs: + - diagnostics permissions: # actions/checkout needs this to fetch code contents: read @@ -19,6 +38,11 @@ jobs: issues: write runs-on: ubuntu-latest steps: + - id: harden-runner + name: Harden the runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit - uses: actions/checkout@v4 - name: Sync repository labels if: success() From 1f611fc67710100e3e6efeb395d67b82e3f52eaa Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 14 Sep 2023 15:45:17 -0400 Subject: [PATCH 003/104] Make the dev team the owners of the linter configuration files Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/CODEOWNERS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8f5c8c5..a22502d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -8,3 +8,12 @@ # These folks own any files in the .github directory at the root of # the repository and any of its subdirectories. /.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj + +# These folks own all linting configuration files. +/.*.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.*.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.*.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.ansible-lint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj From c356768305b027d915db7ef7be1126ee687757ad Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 14 Sep 2023 15:59:22 -0400 Subject: [PATCH 004/104] Make dev team members the codeowners of the requirements*.txt and setup-env files Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/CODEOWNERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a22502d..b4e689e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -17,3 +17,5 @@ /.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/requirements*.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/setup-env @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj From 0195005cccab3e087ec8353c5049ea633d252835 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 15 Sep 2023 10:26:45 -0400 Subject: [PATCH 005/104] Explicitly list the linter config files the dev team should own @mcdonnnj correctly pointed out that other projects add their own configuration files that match, e.g., the /.*.yaml pattern. We want to ensure that we only own the linter configuration files from the skeleton. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/CODEOWNERS | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b4e689e..229920c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -10,12 +10,15 @@ /.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj # These folks own all linting configuration files. -/.*.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj -/.*.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj -/.*.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.ansible-lint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.bandit.yml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.flake8 @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.isort.cfg @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.mdl_config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/.pre-commit-config.yaml @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.prettierignore @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /.yamllint @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj -/requirements*.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/requirements.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/requirements-dev.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj +/requirements-test.txt @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj /setup-env @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj From 2e3038405298cec44ac6cb1caa91f100fdfb7157 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 5 Oct 2023 12:08:14 -0400 Subject: [PATCH 006/104] Add a diagnostics job to the CodeQL workflow The CodeQL workflow already had a harden-runner task, but it's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144. --- .github/workflows/codeql-analysis.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7493256..518e15a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -20,8 +20,27 @@ on: - cron: '0 2 * * 6' jobs: + diagnostics: + name: Run diagnostics + runs-on: ubuntu-latest + steps: + # Note that a duplicate of this step must be added at the top of + # each job. + - id: harden-runner + name: Harden the runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + - id: github-status + name: Check GitHub status + uses: crazy-max/ghaction-github-status@v3 + - id: dump-context + name: Dump context + uses: crazy-max/ghaction-dump-context@v2 analyze: name: Analyze + needs: + - diagnostics runs-on: ubuntu-latest permissions: # required for all workflows From b768a289e1702e9e46d81ad5a59f51abe666a976 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:41:36 +0000 Subject: [PATCH 007/104] Bump hashicorp/setup-terraform from 2 to 3 Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/v2...v3) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..1ff72a9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -101,7 +101,7 @@ jobs: ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" sudo mv /usr/local/bin/packer /usr/local/bin/packer-default sudo ln -s /opt/packer/packer /usr/local/bin/packer - - uses: hashicorp/setup-terraform@v2 + - uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ steps.setup-env.outputs.terraform-version }} - name: Install go-critic From 05771a89a4579d399462f9b396e164f57fe91225 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 1 Nov 2023 13:45:28 -0400 Subject: [PATCH 008/104] Remove mention of collections from comment ansible-galaxy does not appear to allow roles to depend on collections. See here for more details: https://github.com/cisagov/skeleton-ansible-role/issues/153#issuecomment-1785671824 --- meta/requirements.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/meta/requirements.yml b/meta/requirements.yml index d8f8eef..bdeda61 100644 --- a/meta/requirements.yml +++ b/meta/requirements.yml @@ -1,12 +1,7 @@ --- -# Note that dependencies listed here are made available to the role -# but _are not_ automatically installed. Role variables cannot be -# specified here. -# -# It _is_ possible to list both collections and roles in this file, -# but unfortunately ansible-galaxy attempts to naively merge the -# dependencies listed in meta/main.yml with these. That means that -# both sets of dependencies must be lists. :( +# Note that role dependencies listed here are made available to the +# role but _are not_ automatically installed. Role variables cannot +# be specified here. # # See also cisagov/skeleton-ansible-role#153. [] From 9f317002ac85066adc1efa05d9c2f55275ef7d9c Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 2 Nov 2023 15:49:06 -0400 Subject: [PATCH 009/104] Prefer block style to flow style We prefer block style to flow style for sequences and mappings in YAML. --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..9332263 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,8 @@ on: push: pull_request: repository_dispatch: - types: [apb] + types: + - apb env: CURL_CACHE_DIR: ~/.cache/curl From 696433ae2c3b3f9f2b3613562d3889c753c7bc34 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 2 Nov 2023 15:57:37 -0400 Subject: [PATCH 010/104] Alphabetize entries in the build workflow We prefer to alphabetize mapping keys in YAML documents whenever possible. --- .github/workflows/build.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9332263..2fef5d5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,8 +2,8 @@ name: build on: - push: pull_request: + push: repository_dispatch: types: - apb @@ -58,8 +58,8 @@ jobs: # it relies on the existence of a go.sum file. cache: false go-version: "1.20" - - name: Lookup Go cache directory - id: go-cache + - id: go-cache + name: Lookup Go cache directory run: | echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT - uses: actions/cache@v3 @@ -70,6 +70,10 @@ jobs: packer${{ steps.setup-env.outputs.packer-version }}-\ tf${{ steps.setup-env.outputs.terraform-version }}-" with: + key: "${{ env.BASE_CACHE_KEY }}\ + ${{ hashFiles('**/requirements-test.txt') }}-\ + ${{ hashFiles('**/requirements.txt') }}-\ + ${{ hashFiles('**/.pre-commit-config.yaml') }}" # Note that the .terraform directory IS NOT included in the # cache because if we were caching, then we would need to use # the `-upgrade=true` option. This option blindly pulls down the @@ -81,10 +85,6 @@ jobs: ${{ env.PRE_COMMIT_CACHE_DIR }} ${{ env.CURL_CACHE_DIR }} ${{ steps.go-cache.outputs.dir }} - key: "${{ env.BASE_CACHE_KEY }}\ - ${{ hashFiles('**/requirements-test.txt') }}-\ - ${{ hashFiles('**/requirements.txt') }}-\ - ${{ hashFiles('**/.pre-commit-config.yaml') }}" restore-keys: | ${{ env.BASE_CACHE_KEY }} - name: Setup curl cache From 6503a9e7f67d908833ff5aa178a2fd28faf5e803 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 2 Nov 2023 16:00:00 -0400 Subject: [PATCH 011/104] Add a `merge_group` trigger to the build workflow This should improve compatibility with merge queues. We configure it to only trigger on the `checks_requested` type which is currently the only supported type for this trigger. If additional types are added in the future they should be added if appropriate. --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2fef5d5..1928cb0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,6 +2,9 @@ name: build on: + merge_group: + types: + - checks_requested pull_request: push: repository_dispatch: From 74f2025729c0d9a30e755ea354b9ad4357aa5e2e Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 24 Nov 2023 13:09:54 -0500 Subject: [PATCH 012/104] Add a section describing how to install the role This resolves cisagov/skeleton-ansible-role#167. --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 1f806a0..185153f 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,28 @@ None. None. +## Installation ## + +This role can be installed via the command: + +```console +ansible-galaxy ansible-galaxy install --role-file path/to/requirements.yml +``` + +where `requirements.yml` looks like: + +```yaml +--- +- name: skeleton + src: https://github.com/cisagov/skeleton-ansible-role +``` + +and may contain other roles as well. + +For more information about installing Ansible roles via a YAML file, +please see [the `ansible-galaxy` +documentation](https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file). + ## Example Playbook ## Here's how to use it in a playbook: From 193e799a2601d030a0dd7bb6608752a076dc5981 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 18:59:21 +0000 Subject: [PATCH 013/104] Bump actions/setup-go from 4 to 5 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..f208d82 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -51,7 +51,7 @@ jobs: # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: # There is no expectation for actual Go code so we disable caching as # it relies on the existence of a go.sum file. From 5c84295bb6811bc49d3ff29de067adb2d179f879 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 18:59:25 +0000 Subject: [PATCH 014/104] Bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..366a16b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -45,7 +45,7 @@ jobs: uses: cisagov/setup-env-github-action@develop - uses: actions/checkout@v4 - id: setup-python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.11" # We need the Go version and Go cache location for the actions/cache step, From 2be8f7af50623a649011267f342f1b112ae9ebc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 05:16:32 +0000 Subject: [PATCH 015/104] Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7493256..a5310ec 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} @@ -56,7 +56,7 @@ jobs: # Java). If this step fails, then you should remove it and run the build # manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -70,4 +70,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 4a63dbe91c946d74d963c103b67d4f3c0746f35c Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:25:35 -0500 Subject: [PATCH 016/104] Switch pre-commit hooks for running shfmt This hook bundles the binaries for shfmt with a Python package which removes the need to manually install the tool for the hook to function. --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 34f0253..ed254a0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -86,8 +86,8 @@ repos: - id: nixpkgs-fmt # Shell script hooks - - repo: https://github.com/cisagov/pre-commit-shfmt - rev: v0.0.2 + - repo: https://github.com/scop/pre-commit-shfmt + rev: v3.7.0-4 hooks: - id: shfmt args: From 3236b1ba94d1c833dc2f9508944c6bc6e6a49f48 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 18 Jan 2024 17:43:00 -0500 Subject: [PATCH 017/104] Remove installation of shfmt in the `build` workflow The new pre-commit hook provides `shfmt` binaries so we no longer need to ensure it is installed. --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..b5d46cc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -114,11 +114,6 @@ jobs: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install shfmt - env: - PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt - PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install staticcheck env: PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck From 5ddb14dab4e98019a6875278a1bc556c61e4bb69 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:56:43 -0500 Subject: [PATCH 018/104] Use long options for shfmt arguments Since shfmt now supports long command line options we should use them as that is our preference. The single quotes for the number of spaces to indent is changed to double quotes to align with our usual quotation style. --- .pre-commit-config.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ed254a0..ca36e5d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -92,14 +92,14 @@ repos: - id: shfmt args: # Indent by two spaces - - -i - - '2' + - --indent + - "2" # Binary operators may start a line - - -bn + - --binary-next-line # Switch cases are indented - - -ci + - --case-indent # Redirect operators are followed by a space - - -sr + - --space-redirects - repo: https://github.com/detailyang/pre-commit-shell rev: 1.0.5 hooks: From 8ecd95718a6d1b0db176cb85bf0790e4810364fb Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 18 Jan 2024 17:34:18 -0500 Subject: [PATCH 019/104] Add additional shfmt options These options are baked into the functionality of the old hook but must be explicitly declared for the new hook. --- .pre-commit-config.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ca36e5d..6b35e4a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -91,6 +91,10 @@ repos: hooks: - id: shfmt args: + # List files that will be formatted + - --list + # Write result to file instead of stdout + - --write # Indent by two spaces - --indent - "2" From 242921b9856e3ede0fa1a941324c1a3f0ba116f7 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:49:55 -0400 Subject: [PATCH 020/104] Set the default shell for all run steps in the build workflow This sets the default shell for any run steps in the build workflow to mirror our standard shellscript writing practices. In addition to enabling our standard options it will also enable errtrace and print any commands that are run which should make debugging/troubleshooting more straightforward. --- .github/workflows/build.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..7299f6b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,6 +7,14 @@ on: repository_dispatch: types: [apb] +# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace, +# nounset, errexit, and pipefail. The `-x` will print all commands as they are +# run. Please see the GitHub Actions documentation for more information: +# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs +defaults: + run: + shell: bash -Eueo pipefail -x {0} + env: CURL_CACHE_DIR: ~/.cache/curl PIP_CACHE_DIR: ~/.cache/pip From c7b18dc7e57c5261720324bd5b1425f6992e965e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 12 Jan 2024 17:55:34 -0500 Subject: [PATCH 021/104] Add linting with goimports to the pre-commit configuration This will run the Go tool `goimports` against the repository if it contains any Go files. This tool bundles the functionality of `go fmt` with the additional benefit of sorting Go imports much like the isort tool we use for Python code. --- .github/workflows/build.yml | 5 +++++ .pre-commit-config.yaml | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..8e14eab 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -109,6 +109,11 @@ jobs: PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + - name: Install goimports + env: + PACKAGE_URL: golang.org/x/tools/cmd/goimports + PACKAGE_VERSION: ${{ steps.setup-env.outputs.goimports-version }} + run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install gosec env: PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 34f0253..7bb1f8c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -78,7 +78,11 @@ repos: - id: go-vet-repo-mod # GoSec - id: go-sec-repo-mod - + # goimports + - id: go-imports-repo + args: + # Write changes to files + - -w # Nix hooks - repo: https://github.com/nix-community/nixpkgs-fmt rev: v1.3.0 From f6d9d6e29249c4b6246fca71c285d744c7409f38 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 22 Jan 2024 12:31:43 -0600 Subject: [PATCH 022/104] Add ATX Header Support for terraform-docs This is a temporary fix until @mcdonnnj has his PR approved and merged into the terraform-docs repo. This fix will perform a shallow clone of his forked branch, build the binary, and install it. --- .github/workflows/build.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7b75a4..e86b966 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,9 +8,12 @@ on: types: [apb] env: + BRANCH_NAME: improvement/support_atx_closed_markdown_headers CURL_CACHE_DIR: ~/.cache/curl + DEPTH: 1 PIP_CACHE_DIR: ~/.cache/pip PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit + REPO_URL: https://github.com/mcdonnnj/terraform-docs.git RUN_TMATE: ${{ secrets.RUN_TMATE }} jobs: @@ -124,11 +127,20 @@ jobs: PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - - name: Install Terraform-docs - env: - PACKAGE_URL: github.com/terraform-docs/terraform-docs - PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }} - run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + # We are temporarily using @mcdonnnj's forked branch of terraform-docs + # until his PR: https://github.com/terraform-docs/terraform-docs/pull/745 + # is approved. This temporary fix will allow for ATX Header Support when + # terraform-docs is ran during lint. + - name: Clone ATX Headers branch from Terraform-docs Fork + run: | + git clone --branch $BRANCH_NAME --single-branch \ + --depth=$DEPTH $REPO_URL /tmp/terraform-docs + - name: Build and Install Terraform-docs Binary + run: | + cd /tmp/terraform-docs + GOBIN=$(go env GOPATH)/bin + go build -o $GOBIN/terraform-docs + echo "$GOBIN" >> $GITHUB_PATH - name: Install dependencies run: | python -m pip install --upgrade pip setuptools wheel From 544e4789e052978d00f982ef45d8d0de9f5e4748 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 22 Jan 2024 14:03:00 -0600 Subject: [PATCH 023/104] Add prepended names to variables to describe their function Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e86b966..99b42c1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,13 +8,13 @@ on: types: [apb] env: - BRANCH_NAME: improvement/support_atx_closed_markdown_headers CURL_CACHE_DIR: ~/.cache/curl - DEPTH: 1 PIP_CACHE_DIR: ~/.cache/pip PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit - REPO_URL: https://github.com/mcdonnnj/terraform-docs.git RUN_TMATE: ${{ secrets.RUN_TMATE }} + TERRAFORM_DOCS_REPO_BRANCH_NAME: improvement/support_atx_closed_markdown_headers + TERRAFORM_DOCS_REPO_DEPTH: 1 + TERRAFORM_DOCS_REPO_URL: https://github.com/mcdonnnj/terraform-docs.git jobs: diagnostics: @@ -133,8 +133,10 @@ jobs: # terraform-docs is ran during lint. - name: Clone ATX Headers branch from Terraform-docs Fork run: | - git clone --branch $BRANCH_NAME --single-branch \ - --depth=$DEPTH $REPO_URL /tmp/terraform-docs + git clone --single-branch \ + --branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \ + --depth $TERRAFORM_DOCS_REPO_DEPTH \ + $TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs - name: Build and Install Terraform-docs Binary run: | cd /tmp/terraform-docs From f5fa0ff4ec1ded10a2906ade6300bba05cc2e81c Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 22 Jan 2024 14:05:01 -0600 Subject: [PATCH 024/104] Remove unnecessary capitalizations and fix grammar Co-authored-by: Shane Frasier --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 99b42c1..ca719aa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -129,15 +129,15 @@ jobs: run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} # We are temporarily using @mcdonnnj's forked branch of terraform-docs # until his PR: https://github.com/terraform-docs/terraform-docs/pull/745 - # is approved. This temporary fix will allow for ATX Header Support when - # terraform-docs is ran during lint. - - name: Clone ATX Headers branch from Terraform-docs Fork + # is approved. This temporary fix will allow for ATX header support when + # terraform-docs is run during linting. + - name: Clone ATX headers branch from terraform-docs fork run: | git clone --single-branch \ --branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \ --depth $TERRAFORM_DOCS_REPO_DEPTH \ $TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs - - name: Build and Install Terraform-docs Binary + - name: Build and install terraform-docs binary run: | cd /tmp/terraform-docs GOBIN=$(go env GOPATH)/bin From 36361dd1c74c9855b87f2b4aec5a9be1fa7c416e Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 22 Jan 2024 14:14:27 -0600 Subject: [PATCH 025/104] Simplify steps in the build/install portion of workflow PATH is handled by `setup-go` so we can refactor the code setting it. Also we are taking advantage of the -C switch to handle building from the cloned repository. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/workflows/build.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca719aa..6ab90de 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -139,10 +139,9 @@ jobs: $TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs - name: Build and install terraform-docs binary run: | - cd /tmp/terraform-docs - GOBIN=$(go env GOPATH)/bin - go build -o $GOBIN/terraform-docs - echo "$GOBIN" >> $GITHUB_PATH + go build \ + -C /tmp/terraform-docs \ + -o $(go env GOPATH)/bin/terraform-docs - name: Install dependencies run: | python -m pip install --upgrade pip setuptools wheel From 3711ebe461d81987b4121903d2f3f1b290fccad3 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 23 Jan 2024 08:04:07 -0600 Subject: [PATCH 026/104] Add TODO label --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6ab90de..f5ba773 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -51,7 +51,7 @@ jobs: uses: actions/setup-python@v4 with: python-version: "3.11" - # We need the Go version and Go cache location for the actions/cache step, + # TODO: We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go uses: actions/setup-go@v4 From d114fb4233f22cb9edb3e1a6555ca0a677bcfc7e Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 23 Jan 2024 08:24:12 -0600 Subject: [PATCH 027/104] Move TODO and add link to the issue `TODO` was placed on the wrong comment block. Also I am adding a link to the issue for the TODO. --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f5ba773..0068f1f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -51,7 +51,7 @@ jobs: uses: actions/setup-python@v4 with: python-version: "3.11" - # TODO: We need the Go version and Go cache location for the actions/cache step, + # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go uses: actions/setup-go@v4 @@ -127,6 +127,7 @@ jobs: PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} + # TODO: https://github.com/cisagov/skeleton-generic/issues/165 # We are temporarily using @mcdonnnj's forked branch of terraform-docs # until his PR: https://github.com/terraform-docs/terraform-docs/pull/745 # is approved. This temporary fix will allow for ATX header support when From c907cfc82a8f329fbd4ad0ee17f3500922c51711 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 23 Jan 2024 08:41:41 -0600 Subject: [PATCH 028/104] Alphabetize switches Co-authored-by: dav3r --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0068f1f..35391d5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -134,9 +134,10 @@ jobs: # terraform-docs is run during linting. - name: Clone ATX headers branch from terraform-docs fork run: | - git clone --single-branch \ + git clone \ --branch $TERRAFORM_DOCS_REPO_BRANCH_NAME \ --depth $TERRAFORM_DOCS_REPO_DEPTH \ + --single-branch \ $TERRAFORM_DOCS_REPO_URL /tmp/terraform-docs - name: Build and install terraform-docs binary run: | From 48db3e3381aa61bdbe67dab64454db3e7f332c75 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 25 Jan 2024 12:19:41 -0600 Subject: [PATCH 029/104] Allow setup-env to specify Python version This commit is introducing 2 new flags into the setup-env script. -l or --list-versions will list available Python versions and allow the user to select a version interactively. The second flag -v or --version will allow a user to set the version if installed. (e.g. ./setup-env -v 3.9.6) --- setup-env | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/setup-env b/setup-env index 77926bf..b99ec5f 100755 --- a/setup-env +++ b/setup-env @@ -25,6 +25,8 @@ Options: -h --help Show this message. -i --install-hooks Install hook environments for all environments in the pre-commit config file. + -v --version Specify the Python version for the virtual environment. + -l --list-versions List available Python versions and select interactively. END_OF_LINE ) @@ -35,6 +37,13 @@ FORCE=0 # Positional parameters PARAMS="" +# Flags to allow a user to specify which version of Python they want to use +PYTHON_VERSION="" +LIST_VERSIONS=0 + +# Temp file that is used to search through available installed Python versions +TMPFILE=/tmp/versions.$$ + # Parse command line arguments while (("$#")); do case "$1" in @@ -50,6 +59,14 @@ while (("$#")); do INSTALL_HOOKS=1 shift ;; + -v | --version) + PYTHON_VERSION=$2 + shift 2 + ;; + -l | --list-versions) + LIST_VERSIONS=1 + shift + ;; -*) # unsupported flags echo "Error: Unsupported flag $1" >&2 exit 1 @@ -111,6 +128,25 @@ else fi set -o nounset +# List Python versions and select one interactively +if [ $LIST_VERSIONS -ne 0 ]; then + echo Available Python versions: + pyenv versions --bare --skip-aliases --skip-envs + read -p -r "Enter the desired Python version: " PYTHON_VERSION +fi + +# Check if PYTHON_VERSION isn't empty. If it is installed, set it locally. +pyenv versions --bare --skip-aliases --skip-envs > $TMPFILE +if [ -n "$PYTHON_VERSION" ]; then + if grep --fixed-strings --quiet "$PYTHON_VERSION" $TMPFILE; then + echo Using Python version "$PYTHON_VERSION" + pyenv local "$PYTHON_VERSION" + else + echo Error: Python version "$PYTHON_VERSION" is not installed. + fi + exit 1 +fi + # Remove any lingering local configuration. if [ $FORCE -ne 0 ]; then rm -f .python-version @@ -130,10 +166,10 @@ fi # Create a new virtual environment for this project if ! pyenv virtualenv "${env_name}"; then cat << END_OF_LINE - An existing virtual environment named $env_name was found. Either delete this - environment yourself or re-run with --force option to have it deleted. + An existing virtual environment named $env_name was found. Either delete this + environment yourself or re-run with --force option to have it deleted. - pyenv virtualenv-delete ${env_name} + pyenv virtualenv-delete ${env_name} END_OF_LINE exit 1 From c10929afae693990a3d4d034faa2c1ab1b2689ee Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 25 Jan 2024 14:15:40 -0600 Subject: [PATCH 030/104] Add /dev/null and remove TMPFILE This makes the code a bit cleaner and still accomplishes the same functionality Co-authored-by: Shane Frasier --- setup-env | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/setup-env b/setup-env index b99ec5f..769522a 100755 --- a/setup-env +++ b/setup-env @@ -41,9 +41,6 @@ PARAMS="" PYTHON_VERSION="" LIST_VERSIONS=0 -# Temp file that is used to search through available installed Python versions -TMPFILE=/tmp/versions.$$ - # Parse command line arguments while (("$#")); do case "$1" in @@ -136,9 +133,8 @@ if [ $LIST_VERSIONS -ne 0 ]; then fi # Check if PYTHON_VERSION isn't empty. If it is installed, set it locally. -pyenv versions --bare --skip-aliases --skip-envs > $TMPFILE if [ -n "$PYTHON_VERSION" ]; then - if grep --fixed-strings --quiet "$PYTHON_VERSION" $TMPFILE; then + if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" >/dev/null; then echo Using Python version "$PYTHON_VERSION" pyenv local "$PYTHON_VERSION" else From adada40e6fa6aed6fa14f253a5b86f313b3dfa8f Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 25 Jan 2024 14:19:54 -0600 Subject: [PATCH 031/104] Place flags in the correct order for -r and -p --- setup-env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-env b/setup-env index 769522a..2adbd5a 100755 --- a/setup-env +++ b/setup-env @@ -129,12 +129,12 @@ set -o nounset if [ $LIST_VERSIONS -ne 0 ]; then echo Available Python versions: pyenv versions --bare --skip-aliases --skip-envs - read -p -r "Enter the desired Python version: " PYTHON_VERSION + read -r -p "Enter the desired Python version: " PYTHON_VERSION fi # Check if PYTHON_VERSION isn't empty. If it is installed, set it locally. if [ -n "$PYTHON_VERSION" ]; then - if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" >/dev/null; then + if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then echo Using Python version "$PYTHON_VERSION" pyenv local "$PYTHON_VERSION" else From 1861b9b86778613bdaeff804418f2d00706f4a08 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 25 Jan 2024 14:21:49 -0600 Subject: [PATCH 032/104] Remove unneccessary spacing --- setup-env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup-env b/setup-env index 2adbd5a..5abb624 100755 --- a/setup-env +++ b/setup-env @@ -162,10 +162,10 @@ fi # Create a new virtual environment for this project if ! pyenv virtualenv "${env_name}"; then cat << END_OF_LINE - An existing virtual environment named $env_name was found. Either delete this - environment yourself or re-run with --force option to have it deleted. + An existing virtual environment named $env_name was found. Either delete this + environment yourself or re-run with --force option to have it deleted. - pyenv virtualenv-delete ${env_name} + pyenv virtualenv-delete ${env_name} END_OF_LINE exit 1 From 3f623e493752c581829271a148cb9fff3ad4f4ab Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 25 Jan 2024 14:25:37 -0600 Subject: [PATCH 033/104] Alphabetize flags and descriptions Co-authored-by: Shane Frasier --- setup-env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/setup-env b/setup-env index 5abb624..5282e49 100755 --- a/setup-env +++ b/setup-env @@ -25,8 +25,8 @@ Options: -h --help Show this message. -i --install-hooks Install hook environments for all environments in the pre-commit config file. - -v --version Specify the Python version for the virtual environment. -l --list-versions List available Python versions and select interactively. + -v --version Specify the Python version for the virtual environment. END_OF_LINE ) @@ -56,14 +56,14 @@ while (("$#")); do INSTALL_HOOKS=1 shift ;; - -v | --version) - PYTHON_VERSION=$2 - shift 2 - ;; -l | --list-versions) LIST_VERSIONS=1 shift ;; + -v | --version) + PYTHON_VERSION=$2 + shift 2 + ;; -*) # unsupported flags echo "Error: Unsupported flag $1" >&2 exit 1 From 9497dc276e9f148211e32cc800342846cfa25e33 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 26 Jan 2024 10:08:25 -0500 Subject: [PATCH 034/104] Move misplaced exit If the Python version exists then we want the script to continue execution. --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 5282e49..5d15679 100755 --- a/setup-env +++ b/setup-env @@ -139,8 +139,8 @@ if [ -n "$PYTHON_VERSION" ]; then pyenv local "$PYTHON_VERSION" else echo Error: Python version "$PYTHON_VERSION" is not installed. + exit 1 fi - exit 1 fi # Remove any lingering local configuration. From e1d0f28ba1d96b2da0af91e277648ca88d0c3f35 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 26 Jan 2024 10:10:23 -0500 Subject: [PATCH 035/104] Remove premature pyenv local command pyenv local is run below. --- setup-env | 1 - 1 file changed, 1 deletion(-) diff --git a/setup-env b/setup-env index 5d15679..a78f940 100755 --- a/setup-env +++ b/setup-env @@ -136,7 +136,6 @@ fi if [ -n "$PYTHON_VERSION" ]; then if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then echo Using Python version "$PYTHON_VERSION" - pyenv local "$PYTHON_VERSION" else echo Error: Python version "$PYTHON_VERSION" is not installed. exit 1 From 517b336210269d890c28e5c05d1c13e866fb7b15 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 26 Jan 2024 10:11:50 -0500 Subject: [PATCH 036/104] Include PYTHON_VERSION when running pyenv virtualenv If PYTHON_VERSION is an empty string then the system Python will be used. --- setup-env | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/setup-env b/setup-env index a78f940..0aa173d 100755 --- a/setup-env +++ b/setup-env @@ -37,8 +37,8 @@ FORCE=0 # Positional parameters PARAMS="" -# Flags to allow a user to specify which version of Python they want to use -PYTHON_VERSION="" +# A flag to allow a user to specify which version of Python they want +# to use. LIST_VERSIONS=0 # Parse command line arguments @@ -132,8 +132,9 @@ if [ $LIST_VERSIONS -ne 0 ]; then read -r -p "Enter the desired Python version: " PYTHON_VERSION fi -# Check if PYTHON_VERSION isn't empty. If it is installed, set it locally. -if [ -n "$PYTHON_VERSION" ]; then +# Check if PYTHON_VERSION is defined. If it is defined then check that +# it is a valid value. +if [ -n "${PYTHON_VERSION+x}" ]; then if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then echo Using Python version "$PYTHON_VERSION" else @@ -159,7 +160,15 @@ END_OF_LINE fi # Create a new virtual environment for this project -if ! pyenv virtualenv "${env_name}"; then +# +# If $PYTHON_VERSION is undefined then the system Python will be used. +# +# We can't quote ${PYTHON_VERSION:=} below since if the variable is +# undefined then we want nothing to appear; this is the reason for the +# "shellcheck disable" line below. +# +# shellcheck disable=SC2086 +if ! pyenv virtualenv ${PYTHON_VERSION:=} "${env_name}"; then cat << END_OF_LINE An existing virtual environment named $env_name was found. Either delete this environment yourself or re-run with --force option to have it deleted. From 2e5794cb2aeaa76e8c94e3113f903954a9564eb4 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 30 Jan 2024 12:51:51 -0600 Subject: [PATCH 037/104] Add getopt variables and short flags --- setup-env | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/setup-env b/setup-env index 0aa173d..63cebd3 100755 --- a/setup-env +++ b/setup-env @@ -34,9 +34,21 @@ END_OF_LINE # Flag to force deletion and creation of virtual environment FORCE=0 +# Initialize the all other flags +INSTALL_HOOKS=0 +LIST_VERSIONS=0 +PYTHON_VERSION="" +VENV_NAME="" + # Positional parameters PARAMS="" +# Define short options for getopt +OPTS="fhilv:n:" + +# Parse options using BSD getopt +OPTIND=1 + # A flag to allow a user to specify which version of Python they want # to use. LIST_VERSIONS=0 From 8a5003195b6cc3a069fb0c4ec678f20372c4e10d Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 30 Jan 2024 12:54:12 -0600 Subject: [PATCH 038/104] Remove redundant flag initialization --- setup-env | 4 ---- 1 file changed, 4 deletions(-) diff --git a/setup-env b/setup-env index 63cebd3..da640f0 100755 --- a/setup-env +++ b/setup-env @@ -49,10 +49,6 @@ OPTS="fhilv:n:" # Parse options using BSD getopt OPTIND=1 -# A flag to allow a user to specify which version of Python they want -# to use. -LIST_VERSIONS=0 - # Parse command line arguments while (("$#")); do case "$1" in From 0df0e6aca8252e6356762b9284f3165ee39e2017 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 30 Jan 2024 13:59:04 -0600 Subject: [PATCH 039/104] Add getopt functionality and -n flag This commit makes a couple changes. The first change is adding the BSD getopt tool to simplify the parsing of flags and arguments. Second, we are adding the -n flag so the user can specify the name of the virtual environment if they choose. --- setup-env | 57 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 21 deletions(-) diff --git a/setup-env b/setup-env index da640f0..e097c82 100755 --- a/setup-env +++ b/setup-env @@ -49,40 +49,55 @@ OPTS="fhilv:n:" # Parse options using BSD getopt OPTIND=1 +# Display installed python versions +python_versions() { + pyenv versions --bare --skip-aliases --skip-envs +} + # Parse command line arguments -while (("$#")); do - case "$1" in - -f | --force) +while getopts :$OPTS opt; do + case $opt in + f) FORCE=1 - shift ;; - -h | --help) - echo "${USAGE}" + h) + echo "$USAGE" exit 0 ;; - -i | --install-hooks) + i) INSTALL_HOOKS=1 - shift ;; - -l | --list-versions) + l) LIST_VERSIONS=1 - shift ;; - -v | --version) - PYTHON_VERSION=$2 - shift 2 + n) + VENV_NAME="$OPTARG" + ;; + v) + PYTHON_VERSION="$OPTARG" + # Check if Python version is valid and installed + if ! python_versions | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then + echo "Error: Python version $PYTHON_VERSION is not installed. Versions available:" + python_versions + exit 1 + fi ;; - -*) # unsupported flags - echo "Error: Unsupported flag $1" >&2 + \:) + echo Error: Option -$OPTARG requires an argument. + echo "$USAGE" exit 1 ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift + \?) + echo -e "Invalid option please look through usage: \n" + echo "$USAGE" + exit 1 ;; + esac done +shift $((OPTIND-1)) + # set positional arguments in their proper place eval set -- "$PARAMS" @@ -124,9 +139,9 @@ fi set +o nounset # Determine the virtual environment name -if [ "$1" ]; then +if [ -n "$VENV_NAME" ]; then # Use the user-provided environment name - env_name=$1 + env_name="$VENV_NAME" else # Set the environment name to the last part of the working directory. env_name=${PWD##*/} @@ -136,7 +151,7 @@ set -o nounset # List Python versions and select one interactively if [ $LIST_VERSIONS -ne 0 ]; then echo Available Python versions: - pyenv versions --bare --skip-aliases --skip-envs + python_versions read -r -p "Enter the desired Python version: " PYTHON_VERSION fi From 60cad12a2a64508c1e5c80092118747b64bb32e6 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 30 Jan 2024 14:16:52 -0600 Subject: [PATCH 040/104] Update the usage and force documentation This commit will update the usage documentation so now it will display all the new flags, how to use them, and what they do. Since the long option isn't available for the BSD version of getopt we have to use short options only. The force documentation has been updated to reflect this change. Also removed some redundant code that wasn't necessary. --- setup-env | 47 +++++++++++++++++++---------------------------- 1 file changed, 19 insertions(+), 28 deletions(-) diff --git a/setup-env b/setup-env index e097c82..4ed12d9 100755 --- a/setup-env +++ b/setup-env @@ -17,16 +17,18 @@ It does the following: - Configures git upstream remote "lineage" repositories. Usage: - setup-env [options] [virt_env_name] - setup-env (-h | --help) + setup-env [-n] [virt_env_name] + setup-env [-v] [python_version] + setup-env (-h) Options: - -f --force Delete virtual enviroment if it already exists. - -h --help Show this message. - -i --install-hooks Install hook environments for all environments in the - pre-commit config file. - -l --list-versions List available Python versions and select interactively. - -v --version Specify the Python version for the virtual environment. + -f Delete virtual enviroment if it already exists. + -h Show this message. + -i Install hook environments for all environments in the + pre-commit config file. + -l List available Python versions and select interactively. + -n Choose the name of the virtual environment. + -v Specify the Python version for the virtual environment. END_OF_LINE ) @@ -49,9 +51,9 @@ OPTS="fhilv:n:" # Parse options using BSD getopt OPTIND=1 -# Display installed python versions +# Display installed python versions python_versions() { - pyenv versions --bare --skip-aliases --skip-envs + pyenv versions --bare --skip-aliases --skip-envs } # Parse command line arguments @@ -82,21 +84,21 @@ while getopts :$OPTS opt; do exit 1 fi ;; - \:) - echo Error: Option -$OPTARG requires an argument. + :) + echo -e "Error: Option -$OPTARG requires an argument. \n" echo "$USAGE" exit 1 ;; \?) - echo -e "Invalid option please look through usage: \n" + echo -e "Invalid option please look through usage: \n" echo "$USAGE" exit 1 ;; - + esac done -shift $((OPTIND-1)) +shift $((OPTIND - 1)) # set positional arguments in their proper place eval set -- "$PARAMS" @@ -155,17 +157,6 @@ if [ $LIST_VERSIONS -ne 0 ]; then read -r -p "Enter the desired Python version: " PYTHON_VERSION fi -# Check if PYTHON_VERSION is defined. If it is defined then check that -# it is a valid value. -if [ -n "${PYTHON_VERSION+x}" ]; then - if pyenv versions --bare --skip-aliases --skip-envs | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then - echo Using Python version "$PYTHON_VERSION" - else - echo Error: Python version "$PYTHON_VERSION" is not installed. - exit 1 - fi -fi - # Remove any lingering local configuration. if [ $FORCE -ne 0 ]; then rm -f .python-version @@ -173,7 +164,7 @@ if [ $FORCE -ne 0 ]; then elif [[ -f .python-version ]]; then cat << 'END_OF_LINE' An existing .python-version file was found. Either remove this file yourself - or re-run with --force option to have it deleted along with the associated + or re-run with -f (force) option to have it deleted along with the associated virtual environment. rm .python-version @@ -194,7 +185,7 @@ fi if ! pyenv virtualenv ${PYTHON_VERSION:=} "${env_name}"; then cat << END_OF_LINE An existing virtual environment named $env_name was found. Either delete this - environment yourself or re-run with --force option to have it deleted. + environment yourself or re-run with -f (force) option to have it deleted. pyenv virtualenv-delete ${env_name} From b6ab6d82fb63bece7926b9a524bbb59a96c0cb06 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 6 Feb 2024 19:58:49 -0600 Subject: [PATCH 041/104] Update usage with long options --- setup-env | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/setup-env b/setup-env index 4ed12d9..898907b 100755 --- a/setup-env +++ b/setup-env @@ -9,6 +9,8 @@ USAGE=$( Configure a development environment for this repository. It does the following: + - Allows user to specify Python version. + - Allows user to choose name for their virtual environment. - Verifies pyenv and pyenv-virtualenv are installed. - Creates a Python virtual environment. - Configures the activation of the virtual enviroment for the repo directory. @@ -17,18 +19,18 @@ It does the following: - Configures git upstream remote "lineage" repositories. Usage: - setup-env [-n] [virt_env_name] - setup-env [-v] [python_version] - setup-env (-h) + setup-env (-n | --name) [virt_env_name] + setup-env (-v | --version) [python_version] + setup-env (-h | --help) Options: - -f Delete virtual enviroment if it already exists. - -h Show this message. - -i Install hook environments for all environments in the - pre-commit config file. - -l List available Python versions and select interactively. - -n Choose the name of the virtual environment. - -v Specify the Python version for the virtual environment. + -f | --force Delete virtual enviroment if it already exists. + -h | --help Show this message. + -i | --install-hooks Install hook environments for all environments in the + pre-commit config file. + -l | --list-versions List available Python versions and select interactively. + -n | --name Choose the name of the virtual environment. + -v | --version Specify the Python version for the virtual environment. END_OF_LINE ) From d362614a13731f3884856fa2ee37ade0089fda47 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 6 Feb 2024 20:28:05 -0600 Subject: [PATCH 042/104] Add gnu-getopt functionality and error handling This commit will make it so long options are supported. It also includes some improved error handling. It will display a message if a Mac OS user doesn't have gnu-getopt installed on their system and suggest steps to take to get it installed via brew. --- setup-env | 107 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 68 insertions(+), 39 deletions(-) diff --git a/setup-env b/setup-env index 898907b..f4cdf75 100755 --- a/setup-env +++ b/setup-env @@ -35,6 +35,11 @@ Options: END_OF_LINE ) +# Display installed python versions +python_versions() { + pyenv versions --bare --skip-aliases --skip-envs +} + # Flag to force deletion and creation of virtual environment FORCE=0 @@ -44,67 +49,82 @@ LIST_VERSIONS=0 PYTHON_VERSION="" VENV_NAME="" -# Positional parameters -PARAMS="" +# Define long options +LONGOPTS="force,help,install-hooks,list-versions,name:,version:" # Define short options for getopt -OPTS="fhilv:n:" +SHORTOPTS="fhiln:v:" -# Parse options using BSD getopt -OPTIND=1 +# Check if GNU getopt is available +if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then + cat << 'END_OF_LINE' -# Display installed python versions -python_versions() { - pyenv versions --bare --skip-aliases --skip-envs -} + Gnu-getopt is not detected and is a dependency to run this script. + On the Mac, we recommend installing brew, https://brew.sh/. Then installation + is as simple as `brew install gnu-getopt` and adding this to your + profile: + + export PATH="/usr/local/opt/gnu-getopt/bin:$PATH" + +END_OF_LINE + exit 1 +fi -# Parse command line arguments -while getopts :$OPTS opt; do - case $opt in - f) +# Use GNU getopt to parse options +if ! PARSED=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS --name "$0" -- "$@"); then + echo "Error parsing options" + exit 2 +fi +eval set -- "$PARSED" + +while true; do + case "$1" in + -f | --force) FORCE=1 + shift ;; - h) + -h | --help) echo "$USAGE" exit 0 ;; - i) + -i | --install-hooks) INSTALL_HOOKS=1 + shift ;; - l) + -l | --list-versions) LIST_VERSIONS=1 + shift ;; - n) - VENV_NAME="$OPTARG" + -n | --name) + VENV_NAME="$2" + shift 2 ;; - v) - PYTHON_VERSION="$OPTARG" - # Check if Python version is valid and installed - if ! python_versions | grep --fixed-strings "$PYTHON_VERSION" > /dev/null; then - echo "Error: Python version $PYTHON_VERSION is not installed. Versions available:" - python_versions - exit 1 + -v | --version) + PYTHON_VERSION="$2" + shift 2 + # Check the Python versions being passed in. + if [ -n "${PYTHON_VERSION+x}" ]; then + if python_versions | grep -E "^${PYTHON_VERSION}$" > /dev/null; then + echo Using Python version "$PYTHON_VERSION" + else + echo Error: Python version "$PYTHON_VERSION" is not installed. + echo Installed Python versions are: + python_versions + exit 1 + fi fi ;; - :) - echo -e "Error: Option -$OPTARG requires an argument. \n" - echo "$USAGE" - exit 1 + --) + shift + break ;; - \?) - echo -e "Invalid option please look through usage: \n" - echo "$USAGE" - exit 1 + *) + echo "Programming error" + exit 3 ;; - esac done -shift $((OPTIND - 1)) - -# set positional arguments in their proper place -eval set -- "$PARAMS" - # Check to see if pyenv is installed if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then echo "pyenv and pyenv-virtualenv are required." @@ -157,6 +177,15 @@ if [ $LIST_VERSIONS -ne 0 ]; then echo Available Python versions: python_versions read -r -p "Enter the desired Python version: " PYTHON_VERSION + # Check the Python versions being passed in. + if [ -n "${PYTHON_VERSION+x}" ]; then + if python_versions | grep -E "^${PYTHON_VERSION}$" > /dev/null; then + echo Using Python version "$PYTHON_VERSION" + else + echo Error: Python version "$PYTHON_VERSION" is not installed. + exit 1 + fi + fi fi # Remove any lingering local configuration. From f92458454394db61e8080b72b42fd340b3b64aa1 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 6 Feb 2024 20:49:34 -0600 Subject: [PATCH 043/104] Add documentation in CONTRIBUTING.md for gnu-getopt --- CONTRIBUTING.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 27bb9e7..dbbe417 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -46,9 +46,12 @@ There are a few ways to do this, but we prefer to use create and manage a Python virtual environment specific to this project. -If you already have `pyenv` and `pyenv-virtualenv` configured you can -take advantage of the `setup-env` tool in this repo to automate the -entire environment configuration process. +The `setup-env` tool in this repository is our recommended method +for automating the entire environment configuration process. The +dependencies required to run this tool are +[`gnu-getopt`](https://manned.org/getopt.1), `pyenv`, and +`pyenv-virtualenv`. If these tools are already configured on +your system, you can simply run the following command. ```console ./setup-env @@ -57,13 +60,14 @@ entire environment configuration process. Otherwise, follow the steps below to manually configure your environment. -#### Installing and using `pyenv` and `pyenv-virtualenv` #### +#### Installing and using `gnu-getopt`, `pyenv`, and `pyenv-virtualenv` #### On the Mac, we recommend installing [brew](https://brew.sh/). Then -installation is as simple as `brew install pyenv pyenv-virtualenv` and +installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` and adding this to your profile: ```bash +export PATH="/usr/local/opt/gnu-getopt/bin:$PATH" export PYENV_ROOT="$HOME/.pyenv" export PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init --path)" @@ -78,6 +82,8 @@ install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the [`pyenv` wiki page](https://github.com/pyenv/pyenv/wiki/common-build-problems). +`Gnu-getopt` is generally included in the core utilities of most +Linux distributions. On WSL you should treat your platform as whatever Linux distribution you've chosen to install. From ba86ead6c4f757f03610c6065df46e5ba4ad4dbd Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 09:43:30 -0600 Subject: [PATCH 044/104] Fix grammar and capitalization errors Co-authored-by: Shane Frasier --- CONTRIBUTING.md | 2 +- setup-env | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dbbe417..d96a0e3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -82,7 +82,7 @@ install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the [`pyenv` wiki page](https://github.com/pyenv/pyenv/wiki/common-build-problems). -`Gnu-getopt` is generally included in the core utilities of most +`gnu-getopt` is generally included in the core utilities of most Linux distributions. On WSL you should treat your platform as whatever Linux distribution diff --git a/setup-env b/setup-env index f4cdf75..1054a64 100755 --- a/setup-env +++ b/setup-env @@ -9,10 +9,10 @@ USAGE=$( Configure a development environment for this repository. It does the following: - - Allows user to specify Python version. - - Allows user to choose name for their virtual environment. + - Allows the user to specify the Python version to use for the virtual environment. + - Allows the user to specify a name for the virtual environment. - Verifies pyenv and pyenv-virtualenv are installed. - - Creates a Python virtual environment. + - Creates the Python virtual environment. - Configures the activation of the virtual enviroment for the repo directory. - Installs the requirements needed for development. - Installs git pre-commit hooks. @@ -29,7 +29,7 @@ Options: -i | --install-hooks Install hook environments for all environments in the pre-commit config file. -l | --list-versions List available Python versions and select interactively. - -n | --name Choose the name of the virtual environment. + -n | --name Specify the name of the virtual environment. -v | --version Specify the Python version for the virtual environment. END_OF_LINE @@ -195,7 +195,7 @@ if [ $FORCE -ne 0 ]; then elif [[ -f .python-version ]]; then cat << 'END_OF_LINE' An existing .python-version file was found. Either remove this file yourself - or re-run with -f (force) option to have it deleted along with the associated + or re-run with the --force option to have it deleted along with the associated virtual environment. rm .python-version @@ -216,7 +216,7 @@ fi if ! pyenv virtualenv ${PYTHON_VERSION:=} "${env_name}"; then cat << END_OF_LINE An existing virtual environment named $env_name was found. Either delete this - environment yourself or re-run with -f (force) option to have it deleted. + environment yourself or re-run with the --force option to have it deleted. pyenv virtualenv-delete ${env_name} From ba0fc19811d2b9bcb2cc043660f6dcd9d6d9c64b Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 09:48:01 -0600 Subject: [PATCH 045/104] Combine PATH exports to single line Co-authored-by: Shane Frasier --- CONTRIBUTING.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d96a0e3..1e6cc74 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -67,9 +67,8 @@ installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` an adding this to your profile: ```bash -export PATH="/usr/local/opt/gnu-getopt/bin:$PATH" export PYENV_ROOT="$HOME/.pyenv" -export PATH="$PYENV_ROOT/bin:$PATH" +export PATH="$PYENV_ROOT/bin:/usr/local/opt/gnu-getopt/bin:$PATH" eval "$(pyenv init --path)" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" From 1240bdd98fe3523dada222782a55df8c2b258e5c Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 09:48:39 -0600 Subject: [PATCH 046/104] Improve usage instructions Co-authored-by: Shane Frasier --- setup-env | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup-env b/setup-env index 1054a64..a0230ed 100755 --- a/setup-env +++ b/setup-env @@ -19,8 +19,7 @@ It does the following: - Configures git upstream remote "lineage" repositories. Usage: - setup-env (-n | --name) [virt_env_name] - setup-env (-v | --version) [python_version] + setup-env (-n | --name) [virt_env_name] (-v | --version) [python_version] setup-env (-h | --help) Options: From 297b5bd850f716372eb385c25ef29936b4bd6d7c Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 11:03:35 -0600 Subject: [PATCH 047/104] Add $(brew --prefix) to PATH for getopt Co-authored-by: dav3r --- CONTRIBUTING.md | 2 +- setup-env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1e6cc74..899f4ff 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,7 +68,7 @@ adding this to your profile: ```bash export PYENV_ROOT="$HOME/.pyenv" -export PATH="$PYENV_ROOT/bin:/usr/local/opt/gnu-getopt/bin:$PATH" +export PATH="$PYENV_ROOT/bin:$(brew --prefix)/opt/gnu-getopt/bin:$PATH" eval "$(pyenv init --path)" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" diff --git a/setup-env b/setup-env index a0230ed..3ddc9c9 100755 --- a/setup-env +++ b/setup-env @@ -63,7 +63,7 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then is as simple as `brew install gnu-getopt` and adding this to your profile: - export PATH="/usr/local/opt/gnu-getopt/bin:$PATH" + export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" END_OF_LINE exit 1 From 7af70f514fba159ed6e7c8ae85af7a0e14a667a1 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 11:04:27 -0600 Subject: [PATCH 048/104] Fix confusing wording Co-authored-by: dav3r --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 3ddc9c9..1e2fd79 100755 --- a/setup-env +++ b/setup-env @@ -42,7 +42,7 @@ python_versions() { # Flag to force deletion and creation of virtual environment FORCE=0 -# Initialize the all other flags +# Initialize the other flags INSTALL_HOOKS=0 LIST_VERSIONS=0 PYTHON_VERSION="" From e5a2d14964a65c0f5b74e53e5f7e606778b5f003 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 7 Feb 2024 11:06:50 -0600 Subject: [PATCH 049/104] Replace virt_env_name w/ virtual_env_name for clarity Co-authored-by: dav3r --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 1e2fd79..ac20852 100755 --- a/setup-env +++ b/setup-env @@ -19,7 +19,7 @@ It does the following: - Configures git upstream remote "lineage" repositories. Usage: - setup-env (-n | --name) [virt_env_name] (-v | --version) [python_version] + setup-env (-n | --name) [virtual_env_name] (-v | --version) [python_version] setup-env (-h | --help) Options: From 82c70e089bfd43c84273a83228da38030d340c14 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 13 Feb 2024 14:31:35 -0600 Subject: [PATCH 050/104] Differentiate between GNU getopt and gnu-getopt brew formula This commit will clearly differentiate between GNU getopt the tool and gnu-getopt the Homebrew formula. Also updating the URL so that getopt points at the source repository and pyenv and pyenv-virtualenv point at their respective repositories. Updated the ending punctuation. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 13 +++++++------ setup-env | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 899f4ff..afb1ae8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -49,9 +49,10 @@ project. The `setup-env` tool in this repository is our recommended method for automating the entire environment configuration process. The dependencies required to run this tool are -[`gnu-getopt`](https://manned.org/getopt.1), `pyenv`, and -`pyenv-virtualenv`. If these tools are already configured on -your system, you can simply run the following command. +[GNU `getopt`](https://github.com/util-linux/util-linux/blob/master/misc-utils/getopt.1.adoc), +[`pyenv`](https://github.com/pyenv/pyenv), and [`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv). +If these tools are already configured on your system, you can simply run the +following command: ```console ./setup-env @@ -60,7 +61,7 @@ your system, you can simply run the following command. Otherwise, follow the steps below to manually configure your environment. -#### Installing and using `gnu-getopt`, `pyenv`, and `pyenv-virtualenv` #### +#### Installing and using GNU `getopt`, `pyenv`, and `pyenv-virtualenv` #### On the Mac, we recommend installing [brew](https://brew.sh/). Then installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` and @@ -81,8 +82,8 @@ install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the [`pyenv` wiki page](https://github.com/pyenv/pyenv/wiki/common-build-problems). -`gnu-getopt` is generally included in the core utilities of most -Linux distributions. +GNU `getopt` is included in most Linux distributions as part of the +[`util-linux`](https://github.com/util-linux/util-linux) package. On WSL you should treat your platform as whatever Linux distribution you've chosen to install. diff --git a/setup-env b/setup-env index ac20852..0e9598b 100755 --- a/setup-env +++ b/setup-env @@ -58,7 +58,7 @@ SHORTOPTS="fhiln:v:" if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then cat << 'END_OF_LINE' - Gnu-getopt is not detected and is a dependency to run this script. + GNU getopt is not detected and is a dependency to run this script. On the Mac, we recommend installing brew, https://brew.sh/. Then installation is as simple as `brew install gnu-getopt` and adding this to your profile: From 493a4a3e5dfe4c705998395797c75eda756c6dc4 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Tue, 13 Feb 2024 14:58:43 -0600 Subject: [PATCH 051/104] Add parenthesis over brew link Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 0e9598b..f0d4b36 100755 --- a/setup-env +++ b/setup-env @@ -59,7 +59,7 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then cat << 'END_OF_LINE' GNU getopt is not detected and is a dependency to run this script. - On the Mac, we recommend installing brew, https://brew.sh/. Then installation + On the Mac, we recommend installing brew (https://brew.sh/). Then installation is as simple as `brew install gnu-getopt` and adding this to your profile: From 3bc9aeb12fb7a270fa6bc54fcc4deceb897906bc Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 14 Feb 2024 07:37:24 -0600 Subject: [PATCH 052/104] Refactor flag names for clarity and accuracy This commit will remove the previous flags -v or --version for -p or --python-version. Also it will replace -n or --name for -v or --venv-name. The usage menu has been updated to reflect these changes as well. --- setup-env | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/setup-env b/setup-env index f0d4b36..b7b08e6 100755 --- a/setup-env +++ b/setup-env @@ -19,7 +19,7 @@ It does the following: - Configures git upstream remote "lineage" repositories. Usage: - setup-env (-n | --name) [virtual_env_name] (-v | --version) [python_version] + setup-env [--venv-name virtual_env_name] [--python-version python_version] setup-env (-h | --help) Options: @@ -28,8 +28,8 @@ Options: -i | --install-hooks Install hook environments for all environments in the pre-commit config file. -l | --list-versions List available Python versions and select interactively. - -n | --name Specify the name of the virtual environment. - -v | --version Specify the Python version for the virtual environment. + -v | --venv-name Specify the name of the virtual environment. + -p | --python-version Specify the Python version for the virtual environment. END_OF_LINE ) @@ -49,10 +49,10 @@ PYTHON_VERSION="" VENV_NAME="" # Define long options -LONGOPTS="force,help,install-hooks,list-versions,name:,version:" +LONGOPTS="force,help,install-hooks,list-versions,python-version:,venv-name:" # Define short options for getopt -SHORTOPTS="fhiln:v:" +SHORTOPTS="fhilp:v:" # Check if GNU getopt is available if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then @@ -94,11 +94,7 @@ while true; do LIST_VERSIONS=1 shift ;; - -n | --name) - VENV_NAME="$2" - shift 2 - ;; - -v | --version) + -p | --python-version) PYTHON_VERSION="$2" shift 2 # Check the Python versions being passed in. @@ -113,6 +109,10 @@ while true; do fi fi ;; + -v | --venv-name) + VENV_NAME="$2" + shift 2 + ;; --) shift break From 0be1f6376dc914be4eff9ce5fde7649d085a2582 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 14 Feb 2024 08:08:07 -0600 Subject: [PATCH 053/104] Elaborate on message when checking for GNU getopt --- setup-env | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/setup-env b/setup-env index b7b08e6..6649b4d 100755 --- a/setup-env +++ b/setup-env @@ -58,7 +58,13 @@ SHORTOPTS="fhilp:v:" if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then cat << 'END_OF_LINE' - GNU getopt is not detected and is a dependency to run this script. + Please note, this script requires GNU getopt due to its enhanced + functionality and compatibility with certain script features that + are not supported by the POSIX getopt found in some systems, particularly + those with a non-GNU version of getopt. This distinction is crucial + as a system might have a non-GNU version of getopt installed by default, + which could lead to unexpected behavior or script failure. + On the Mac, we recommend installing brew (https://brew.sh/). Then installation is as simple as `brew install gnu-getopt` and adding this to your profile: From c8f0b1b996958a5fa965343fa7e6295b7160cbf4 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 14 Feb 2024 08:10:21 -0600 Subject: [PATCH 054/104] Remove unnecessary nounset flipping logic --- setup-env | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup-env b/setup-env index 6649b4d..05b010b 100755 --- a/setup-env +++ b/setup-env @@ -166,7 +166,6 @@ END_OF_LINE exit 1 fi -set +o nounset # Determine the virtual environment name if [ -n "$VENV_NAME" ]; then # Use the user-provided environment name @@ -175,7 +174,6 @@ else # Set the environment name to the last part of the working directory. env_name=${PWD##*/} fi -set -o nounset # List Python versions and select one interactively if [ $LIST_VERSIONS -ne 0 ]; then From 495862aeaf3430b0a69f92cf54b6415818139db2 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 14 Feb 2024 08:20:56 -0600 Subject: [PATCH 055/104] Separate pyenv PATH from GNU getopt PATH --- CONTRIBUTING.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index afb1ae8..3a5e087 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -69,7 +69,8 @@ adding this to your profile: ```bash export PYENV_ROOT="$HOME/.pyenv" -export PATH="$PYENV_ROOT/bin:$(brew --prefix)/opt/gnu-getopt/bin:$PATH" +export PATH="$PYENV_ROOT/bin:$PATH" +export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" eval "$(pyenv init --path)" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" From 4752b37ec887a65e967f01a1f9b7633e02a02af8 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 21 Feb 2024 10:57:38 -0600 Subject: [PATCH 056/104] Improve verbiage in comments Co-authored-by: Shane Frasier --- CONTRIBUTING.md | 4 ++-- setup-env | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3a5e087..9ff54e4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -46,8 +46,8 @@ There are a few ways to do this, but we prefer to use create and manage a Python virtual environment specific to this project. -The `setup-env` tool in this repository is our recommended method -for automating the entire environment configuration process. The +We recommend using the `setup-env` tool located in this repository, +as it automates the entire environment configuration process. The dependencies required to run this tool are [GNU `getopt`](https://github.com/util-linux/util-linux/blob/master/misc-utils/getopt.1.adoc), [`pyenv`](https://github.com/pyenv/pyenv), and [`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv). diff --git a/setup-env b/setup-env index 05b010b..6d9fec0 100755 --- a/setup-env +++ b/setup-env @@ -27,7 +27,7 @@ Options: -h | --help Show this message. -i | --install-hooks Install hook environments for all environments in the pre-commit config file. - -l | --list-versions List available Python versions and select interactively. + -l | --list-versions List available Python versions and select one interactively. -v | --venv-name Specify the name of the virtual environment. -p | --python-version Specify the Python version for the virtual environment. @@ -63,7 +63,7 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then are not supported by the POSIX getopt found in some systems, particularly those with a non-GNU version of getopt. This distinction is crucial as a system might have a non-GNU version of getopt installed by default, - which could lead to unexpected behavior or script failure. + which could lead to unexpected behavior. On the Mac, we recommend installing brew (https://brew.sh/). Then installation is as simple as `brew install gnu-getopt` and adding this to your From 2e389979b0b0b34a6f32443d88f8ed0ba8c647cd Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 21 Feb 2024 11:22:53 -0600 Subject: [PATCH 057/104] Clarify between pyenv and GNU getopt setup Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9ff54e4..a844f86 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,9 +68,12 @@ installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` an adding this to your profile: ```bash +# Enable GNU getopt since it is keg-only +export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" + +# Setup pyenv export PYENV_ROOT="$HOME/.pyenv" export PATH="$PYENV_ROOT/bin:$PATH" -export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" eval "$(pyenv init --path)" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" From f8824c8aa157cbee0ec95367b1754eeac67934c9 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 21 Feb 2024 12:14:23 -0600 Subject: [PATCH 058/104] Improve comment on conditional check for regex --- setup-env | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 6d9fec0..6d16958 100755 --- a/setup-env +++ b/setup-env @@ -54,7 +54,9 @@ LONGOPTS="force,help,install-hooks,list-versions,python-version:,venv-name:" # Define short options for getopt SHORTOPTS="fhilp:v:" -# Check if GNU getopt is available +# Check for GNU getopt by matching a specific pattern ("getopt from util-linux") +# in its version output. This approach presumes the output format remains stable. +# Be aware that format changes could invalidate this check. if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then cat << 'END_OF_LINE' From 88724e70167a5864495eccff5532f4c59fbefc1c Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 21 Feb 2024 12:25:49 -0600 Subject: [PATCH 059/104] Add comment explaining that GNU getopt is keg-only --- setup-env | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup-env b/setup-env index 6d16958..84a8305 100755 --- a/setup-env +++ b/setup-env @@ -73,6 +73,8 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" + This will enable GNU getopt since it is keg-only. + END_OF_LINE exit 1 fi From c1870be7a16f5e88f6e6540c290f674da4861e07 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 21 Feb 2024 16:28:54 -0600 Subject: [PATCH 060/104] Improve comments to better describe `keg-only` terminology Co-authored-by: Shane Frasier --- CONTRIBUTING.md | 3 ++- setup-env | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a844f86..7bb8881 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,7 +68,8 @@ installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` an adding this to your profile: ```bash -# Enable GNU getopt since it is keg-only +# GNU getopt must be explicitly added to the path since it is +# keg-only export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" # Setup pyenv diff --git a/setup-env b/setup-env index 84a8305..3fa8c47 100755 --- a/setup-env +++ b/setup-env @@ -73,7 +73,8 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" - This will enable GNU getopt since it is keg-only. + GNU getopt must be explicitly added to the PATH since it + is keg-only. END_OF_LINE exit 1 From a3f69cd24e58077ee6f084bce900ed176c88cff7 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 08:04:19 -0600 Subject: [PATCH 061/104] Change "'setup-env' tool" to "'setup-env' script" Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7bb8881..fca0cf7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -46,7 +46,7 @@ There are a few ways to do this, but we prefer to use create and manage a Python virtual environment specific to this project. -We recommend using the `setup-env` tool located in this repository, +We recommend using the `setup-env` script located in this repository, as it automates the entire environment configuration process. The dependencies required to run this tool are [GNU `getopt`](https://github.com/util-linux/util-linux/blob/master/misc-utils/getopt.1.adoc), From 8ff51796ec530e68d35362fab761608e676dcd3a Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 08:07:16 -0600 Subject: [PATCH 062/104] Remove build-in error exit for generic error exit Exit code 2 usually relates to build-ins which does not fit what is failing here. Not sure what alternative would be best so we can just use the generic failure code Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 3fa8c47..f7ce620 100755 --- a/setup-env +++ b/setup-env @@ -83,7 +83,7 @@ fi # Use GNU getopt to parse options if ! PARSED=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS --name "$0" -- "$@"); then echo "Error parsing options" - exit 2 + exit 1 fi eval set -- "$PARSED" From 1c21e2b9839980c75410584c69d0ac0a0651f097 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 08:08:39 -0600 Subject: [PATCH 063/104] Change verbiage from 'tool' to 'script' for clarity Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fca0cf7..cdab589 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -48,7 +48,7 @@ project. We recommend using the `setup-env` script located in this repository, as it automates the entire environment configuration process. The -dependencies required to run this tool are +dependencies required to run this script are [GNU `getopt`](https://github.com/util-linux/util-linux/blob/master/misc-utils/getopt.1.adoc), [`pyenv`](https://github.com/pyenv/pyenv), and [`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv). If these tools are already configured on your system, you can simply run the From 3acc8d6a17360221d6c59c306db1a14a98b48b8b Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 10:04:42 -0600 Subject: [PATCH 064/104] Check for pyenv earlier in the script Since the new function, python_versions expects pyenv to be installed it makes sense to have it checked earlier in the script. --- setup-env | 72 +++++++++++++++++++++++++++---------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/setup-env b/setup-env index f7ce620..3898ca8 100755 --- a/setup-env +++ b/setup-env @@ -80,6 +80,42 @@ END_OF_LINE exit 1 fi +# Check to see if pyenv is installed +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then + echo "pyenv and pyenv-virtualenv are required." + if [[ "$OSTYPE" == "darwin"* ]]; then + cat << 'END_OF_LINE' + + On the Mac, we recommend installing brew, https://brew.sh/. Then installation + is as simple as `brew install pyenv pyenv-virtualenv` and adding this to your + profile: + + eval "$(pyenv init -)" + eval "$(pyenv virtualenv-init -)" + +END_OF_LINE + + fi + cat << 'END_OF_LINE' + For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you don't want + to use "brew") you can use https://github.com/pyenv/pyenv-installer to install + the necessary tools. Before running this ensure that you have installed the + prerequisites for your platform according to the pyenv wiki page, + https://github.com/pyenv/pyenv/wiki/common-build-problems. + + On WSL you should treat your platform as whatever Linux distribution you've + chosen to install. + + Once you have installed "pyenv" you will need to add the following lines to + your ".bashrc": + + export PATH="$PATH:$HOME/.pyenv/bin" + eval "$(pyenv init -)" + eval "$(pyenv virtualenv-init -)" +END_OF_LINE + exit 1 +fi + # Use GNU getopt to parse options if ! PARSED=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS --name "$0" -- "$@"); then echo "Error parsing options" @@ -135,42 +171,6 @@ while true; do esac done -# Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then - echo "pyenv and pyenv-virtualenv are required." - if [[ "$OSTYPE" == "darwin"* ]]; then - cat << 'END_OF_LINE' - - On the Mac, we recommend installing brew, https://brew.sh/. Then installation - is as simple as `brew install pyenv pyenv-virtualenv` and adding this to your - profile: - - eval "$(pyenv init -)" - eval "$(pyenv virtualenv-init -)" - -END_OF_LINE - - fi - cat << 'END_OF_LINE' - For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you don't want - to use "brew") you can use https://github.com/pyenv/pyenv-installer to install - the necessary tools. Before running this ensure that you have installed the - prerequisites for your platform according to the pyenv wiki page, - https://github.com/pyenv/pyenv/wiki/common-build-problems. - - On WSL you should treat your platform as whatever Linux distribution you've - chosen to install. - - Once you have installed "pyenv" you will need to add the following lines to - your ".bashrc": - - export PATH="$PATH:$HOME/.pyenv/bin" - eval "$(pyenv init -)" - eval "$(pyenv virtualenv-init -)" -END_OF_LINE - exit 1 -fi - # Determine the virtual environment name if [ -n "$VENV_NAME" ]; then # Use the user-provided environment name From b377ce71fa3dd5f56697d415c5230f3fe18e8090 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 11:02:39 -0600 Subject: [PATCH 065/104] Explain -r and -p in Python version prompt --- setup-env | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 3898ca8..5c2b580 100755 --- a/setup-env +++ b/setup-env @@ -180,10 +180,12 @@ else env_name=${PWD##*/} fi -# List Python versions and select one interactively +# List Python versions and select one interactively. if [ $LIST_VERSIONS -ne 0 ]; then echo Available Python versions: python_versions + # Read the user's desired Python version. + # -r: treat backslashes as literal, -p: display prompt before input. read -r -p "Enter the desired Python version: " PYTHON_VERSION # Check the Python versions being passed in. if [ -n "${PYTHON_VERSION+x}" ]; then From 74838a256e134e00208a23bb6dded7012cfb8534 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Mon, 26 Feb 2024 11:58:44 -0600 Subject: [PATCH 066/104] Refine exit code to 64 with gnu-getopt note - Set exit code to 64 per sysexits.h for clarity. - Added comment on gnu-getopt handling. Aligns with Unix standards and enhances readability. --- setup-env | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 5c2b580..549c079 100755 --- a/setup-env +++ b/setup-env @@ -165,8 +165,9 @@ while true; do break ;; *) + # Unreachable due to gnu-getopt handling all options echo "Programming error" - exit 3 + exit 64 ;; esac done From 487126e34bd85e231b7021b70d225154694ad24d Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 06:32:35 -0600 Subject: [PATCH 067/104] Rename gnu-getopt tool to GNU getopt formula Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 549c079..d2db6e2 100755 --- a/setup-env +++ b/setup-env @@ -165,7 +165,7 @@ while true; do break ;; *) - # Unreachable due to gnu-getopt handling all options + # Unreachable due to GNU getopt handling all options echo "Programming error" exit 64 ;; From 6c82a8d1bb86a90f0e903dd2d90efdb6198fba33 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 07:49:16 -0600 Subject: [PATCH 068/104] Fix whitespace for usage menu Co-authored-by: Shane Frasier --- setup-env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup-env b/setup-env index d2db6e2..c93eb25 100755 --- a/setup-env +++ b/setup-env @@ -28,8 +28,8 @@ Options: -i | --install-hooks Install hook environments for all environments in the pre-commit config file. -l | --list-versions List available Python versions and select one interactively. - -v | --venv-name Specify the name of the virtual environment. - -p | --python-version Specify the Python version for the virtual environment. + -v | --venv-name Specify the name of the virtual environment. + -p | --python-version Specify the Python version for the virtual environment. END_OF_LINE ) From 324f6d426a149cb2c7bfc30ffcf7c1810b8ae1fa Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 11:26:24 -0600 Subject: [PATCH 069/104] Add link to brew terminology Co-authored-by: dav3r --- CONTRIBUTING.md | 2 +- setup-env | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cdab589..bc32a55 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -69,7 +69,7 @@ adding this to your profile: ```bash # GNU getopt must be explicitly added to the path since it is -# keg-only +# keg-only (https://docs.brew.sh/FAQ#what-does-keg-only-mean) export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" # Setup pyenv diff --git a/setup-env b/setup-env index c93eb25..bb689f3 100755 --- a/setup-env +++ b/setup-env @@ -74,7 +74,7 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH" GNU getopt must be explicitly added to the PATH since it - is keg-only. + is keg-only (https://docs.brew.sh/FAQ#what-does-keg-only-mean). END_OF_LINE exit 1 From a26d0e36f0c33a7f472b91d66697e4cecb8f9557 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 15:52:20 -0600 Subject: [PATCH 070/104] Rephrase comment to improve clarity Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index bb689f3..3fddb36 100755 --- a/setup-env +++ b/setup-env @@ -16,7 +16,7 @@ It does the following: - Configures the activation of the virtual enviroment for the repo directory. - Installs the requirements needed for development. - Installs git pre-commit hooks. - - Configures git upstream remote "lineage" repositories. + - Configures git remotes for upstream "lineage" repositories. Usage: setup-env [--venv-name virtual_env_name] [--python-version python_version] From 05108705fa4120db51f261ad59347bb01134eafc Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 15:58:43 -0600 Subject: [PATCH 071/104] Improve comment for clarity Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 3fddb36..c8680ea 100755 --- a/setup-env +++ b/setup-env @@ -34,7 +34,7 @@ Options: END_OF_LINE ) -# Display installed python versions +# Display pyenv's installed Python versions python_versions() { pyenv versions --bare --skip-aliases --skip-envs } From 01abde6f580cf549d77c81af9378d4a18812fa8f Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 16:03:47 -0600 Subject: [PATCH 072/104] Improve verbiage in comment --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index c8680ea..534d47f 100755 --- a/setup-env +++ b/setup-env @@ -217,7 +217,7 @@ fi # Create a new virtual environment for this project # -# If $PYTHON_VERSION is undefined then the system Python will be used. +# If $PYTHON_VERSION is undefined then the global version of Python will be used. # # We can't quote ${PYTHON_VERSION:=} below since if the variable is # undefined then we want nothing to appear; this is the reason for the From 0989d17f49a089e03e23b72ab638595d538add3f Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Wed, 28 Feb 2024 16:09:15 -0600 Subject: [PATCH 073/104] Change comments for macOS and venv_name --- CONTRIBUTING.md | 4 ++-- setup-env | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bc32a55..617db85 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -63,7 +63,7 @@ environment. #### Installing and using GNU `getopt`, `pyenv`, and `pyenv-virtualenv` #### -On the Mac, we recommend installing [brew](https://brew.sh/). Then +On macOS, we recommend installing [brew](https://brew.sh/). Then installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` and adding this to your profile: @@ -80,7 +80,7 @@ eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" ``` -For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you +For Linux, Windows Subsystem for Linux (WSL), or on macOS (if you don't want to use `brew`) you can use [pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to install the necessary tools. Before running this ensure that you have diff --git a/setup-env b/setup-env index 534d47f..d2cd111 100755 --- a/setup-env +++ b/setup-env @@ -19,7 +19,7 @@ It does the following: - Configures git remotes for upstream "lineage" repositories. Usage: - setup-env [--venv-name virtual_env_name] [--python-version python_version] + setup-env [--venv-name venv_name] [--python-version python_version] setup-env (-h | --help) Options: @@ -67,7 +67,7 @@ if [[ $(getopt --version 2> /dev/null) != *"getopt from util-linux"* ]]; then as a system might have a non-GNU version of getopt installed by default, which could lead to unexpected behavior. - On the Mac, we recommend installing brew (https://brew.sh/). Then installation + On macOS, we recommend installing brew (https://brew.sh/). Then installation is as simple as `brew install gnu-getopt` and adding this to your profile: @@ -86,7 +86,7 @@ if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE' - On the Mac, we recommend installing brew, https://brew.sh/. Then installation + On macOS, we recommend installing brew, https://brew.sh/. Then installation is as simple as `brew install pyenv pyenv-virtualenv` and adding this to your profile: @@ -97,7 +97,7 @@ END_OF_LINE fi cat << 'END_OF_LINE' - For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you don't want + For Linux, Windows Subsystem for Linux (WSL), or on mac OS (if you don't want to use "brew") you can use https://github.com/pyenv/pyenv-installer to install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the pyenv wiki page, From a9c6ed88c3c993db890a09ece5433b33e5d5d206 Mon Sep 17 00:00:00 2001 From: Michael Saki Date: Thu, 29 Feb 2024 09:19:01 -0600 Subject: [PATCH 074/104] Improve comments for clarity Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- CONTRIBUTING.md | 2 +- setup-env | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 617db85..f9fa53a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -80,7 +80,7 @@ eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" ``` -For Linux, Windows Subsystem for Linux (WSL), or on macOS (if you +For Linux, Windows Subsystem for Linux (WSL), or macOS (if you don't want to use `brew`) you can use [pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to install the necessary tools. Before running this ensure that you have diff --git a/setup-env b/setup-env index d2cd111..3a22d43 100755 --- a/setup-env +++ b/setup-env @@ -97,7 +97,7 @@ END_OF_LINE fi cat << 'END_OF_LINE' - For Linux, Windows Subsystem for Linux (WSL), or on mac OS (if you don't want + For Linux, Windows Subsystem for Linux (WSL), or macOS (if you don't want to use "brew") you can use https://github.com/pyenv/pyenv-installer to install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the pyenv wiki page, @@ -217,7 +217,7 @@ fi # Create a new virtual environment for this project # -# If $PYTHON_VERSION is undefined then the global version of Python will be used. +# If $PYTHON_VERSION is undefined then the current pyenv Python version will be used. # # We can't quote ${PYTHON_VERSION:=} below since if the variable is # undefined then we want nothing to appear; this is the reason for the From e58dde5cfbf6f64805d870407795c940e7e61d5f Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 1 Mar 2024 14:19:23 -0500 Subject: [PATCH 075/104] Make the default scenario systemd-enabled --- molecule/default/molecule-no-systemd.yml | 44 ---------- molecule/default/molecule-with-systemd.yml | 97 --------------------- molecule/default/molecule.yml | 98 +++++++++++++++++++++- 3 files changed, 97 insertions(+), 142 deletions(-) delete mode 100644 molecule/default/molecule-no-systemd.yml delete mode 100644 molecule/default/molecule-with-systemd.yml mode change 120000 => 100644 molecule/default/molecule.yml diff --git a/molecule/default/molecule-no-systemd.yml b/molecule/default/molecule-no-systemd.yml deleted file mode 100644 index d7555d4..0000000 --- a/molecule/default/molecule-no-systemd.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This molecule configuration file is suitable for testing Ansible -# roles that _do not_ require SystemD. If your Ansible role _does_ -# require SystemD then you should use molecule-with-systemd.yml -# instead. -# -# Note that the molecule configuration file that is symlinked to -# molecule.yml is the one that will be used. -dependency: - name: galaxy -driver: - name: docker -platforms: - - image: amazonlinux:2023 - name: amazonlinux2023 - platform: amd64 - - image: debian:buster-slim - name: debian10 - platform: amd64 - - image: debian:bullseye-slim - name: debian11 - platform: amd64 - - image: debian:bookworm-slim - name: debian12 - platform: amd64 - - image: kalilinux/kali-rolling - name: kali - platform: amd64 - - image: fedora:37 - name: fedora37 - platform: amd64 - - image: fedora:38 - name: fedora38 - platform: amd64 - - image: ubuntu:focal - name: ubuntu20 - platform: amd64 - - image: ubuntu:jammy - name: ubuntu22 - platform: amd64 -scenario: - name: default -verifier: - name: testinfra diff --git a/molecule/default/molecule-with-systemd.yml b/molecule/default/molecule-with-systemd.yml deleted file mode 100644 index 8039782..0000000 --- a/molecule/default/molecule-with-systemd.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -# This molecule configuration file is suitable for testing Ansible -# roles that _do_ require SystemD. If your Ansible role _does not_ -# require SystemD then you should use molecule-no-systemd.yml instead. -# -# Note that the molecule configuration file that is symlinked to -# molecule.yml is the one that will be used. -dependency: - name: galaxy -driver: - name: docker -platforms: - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-amazonlinux2023-ansible:latest - name: amazonlinux2023-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-debian10-ansible:latest - name: debian10-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-debian11-ansible:latest - name: debian11-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: cisagov/docker-debian12-ansible:latest - name: debian12-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: cisagov/docker-kali-ansible:latest - name: kali-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-fedora37-ansible:latest - name: fedora37-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-fedora38-ansible:latest - name: fedora38-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2004-ansible:latest - name: ubuntu-20-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2204-ansible:latest - name: ubuntu-22-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw -scenario: - name: default -verifier: - name: testinfra diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 120000 index 35a50fd..0000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1 +0,0 @@ -molecule-no-systemd.yml \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..8039782 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,97 @@ +--- +# This molecule configuration file is suitable for testing Ansible +# roles that _do_ require SystemD. If your Ansible role _does not_ +# require SystemD then you should use molecule-no-systemd.yml instead. +# +# Note that the molecule configuration file that is symlinked to +# molecule.yml is the one that will be used. +dependency: + name: galaxy +driver: + name: docker +platforms: + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-amazonlinux2023-ansible:latest + name: amazonlinux2023-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-debian10-ansible:latest + name: debian10-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-debian11-ansible:latest + name: debian11-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: cisagov/docker-debian12-ansible:latest + name: debian12-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: cisagov/docker-kali-ansible:latest + name: kali-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-fedora37-ansible:latest + name: fedora37-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-fedora38-ansible:latest + name: fedora38-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-ubuntu2004-ansible:latest + name: ubuntu-20-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: geerlingguy/docker-ubuntu2204-ansible:latest + name: ubuntu-22-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw +scenario: + name: default +verifier: + name: testinfra From 292b0c340cb1cdcc703cf1632161cde9aa206749 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 1 Mar 2024 14:20:45 -0500 Subject: [PATCH 076/104] Remove the systemd_enabled scenario --- .github/workflows/build.yml | 1 - molecule/systemd_enabled/INSTALL.rst | 1 - molecule/systemd_enabled/converge.yml | 1 - .../systemd_enabled/molecule-no-systemd.yml | 1 - .../systemd_enabled/molecule-with-systemd.yml | 1 - molecule/systemd_enabled/molecule.yml | 97 ------------------- molecule/systemd_enabled/prepare.yml | 1 - molecule/systemd_enabled/requirements.yml | 1 - .../systemd_enabled/tests/test_default.py | 1 - molecule/systemd_enabled/upgrade.yml | 1 - 10 files changed, 106 deletions(-) delete mode 120000 molecule/systemd_enabled/INSTALL.rst delete mode 120000 molecule/systemd_enabled/converge.yml delete mode 120000 molecule/systemd_enabled/molecule-no-systemd.yml delete mode 120000 molecule/systemd_enabled/molecule-with-systemd.yml delete mode 100644 molecule/systemd_enabled/molecule.yml delete mode 120000 molecule/systemd_enabled/prepare.yml delete mode 120000 molecule/systemd_enabled/requirements.yml delete mode 120000 molecule/systemd_enabled/tests/test_default.py delete mode 120000 molecule/systemd_enabled/upgrade.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index be2fff7..2a79d87 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -149,7 +149,6 @@ jobs: matrix: scenario: - default - - systemd_enabled steps: - id: harden-runner name: Harden the runner diff --git a/molecule/systemd_enabled/INSTALL.rst b/molecule/systemd_enabled/INSTALL.rst deleted file mode 120000 index 42b71d5..0000000 --- a/molecule/systemd_enabled/INSTALL.rst +++ /dev/null @@ -1 +0,0 @@ -../default/INSTALL.rst \ No newline at end of file diff --git a/molecule/systemd_enabled/converge.yml b/molecule/systemd_enabled/converge.yml deleted file mode 120000 index 73cb8da..0000000 --- a/molecule/systemd_enabled/converge.yml +++ /dev/null @@ -1 +0,0 @@ -../default/converge.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/molecule-no-systemd.yml b/molecule/systemd_enabled/molecule-no-systemd.yml deleted file mode 120000 index 6b254f5..0000000 --- a/molecule/systemd_enabled/molecule-no-systemd.yml +++ /dev/null @@ -1 +0,0 @@ -../default/molecule-no-systemd.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/molecule-with-systemd.yml b/molecule/systemd_enabled/molecule-with-systemd.yml deleted file mode 120000 index 29dc0fa..0000000 --- a/molecule/systemd_enabled/molecule-with-systemd.yml +++ /dev/null @@ -1 +0,0 @@ -../default/molecule-with-systemd.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/molecule.yml b/molecule/systemd_enabled/molecule.yml deleted file mode 100644 index 46056c2..0000000 --- a/molecule/systemd_enabled/molecule.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -# This molecule configuration file is suitable for testing Ansible -# roles that _do_ require SystemD. If your Ansible role _does not_ -# require SystemD then you should use molecule-no-systemd.yml instead. -# -# Note that the molecule configuration file that is symlinked to -# molecule.yml is the one that will be used. -dependency: - name: galaxy -driver: - name: docker -platforms: - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-amazonlinux2023-ansible:latest - name: amazonlinux2023-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-debian10-ansible:latest - name: debian10-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-debian11-ansible:latest - name: debian11-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: cisagov/docker-debian12-ansible:latest - name: debian12-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: cisagov/docker-kali-ansible:latest - name: kali-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-fedora37-ansible:latest - name: fedora37-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-fedora38-ansible:latest - name: fedora38-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2004-ansible:latest - name: ubuntu-20-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2204-ansible:latest - name: ubuntu-22-systemd - platform: amd64 - pre_build_image: yes - privileged: yes - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw -scenario: - name: systemd_enabled -verifier: - name: testinfra diff --git a/molecule/systemd_enabled/prepare.yml b/molecule/systemd_enabled/prepare.yml deleted file mode 120000 index 1c017d9..0000000 --- a/molecule/systemd_enabled/prepare.yml +++ /dev/null @@ -1 +0,0 @@ -../default/prepare.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/requirements.yml b/molecule/systemd_enabled/requirements.yml deleted file mode 120000 index b6f4a01..0000000 --- a/molecule/systemd_enabled/requirements.yml +++ /dev/null @@ -1 +0,0 @@ -../default/requirements.yml \ No newline at end of file diff --git a/molecule/systemd_enabled/tests/test_default.py b/molecule/systemd_enabled/tests/test_default.py deleted file mode 120000 index bc5a562..0000000 --- a/molecule/systemd_enabled/tests/test_default.py +++ /dev/null @@ -1 +0,0 @@ -../../default/tests/test_default.py \ No newline at end of file diff --git a/molecule/systemd_enabled/upgrade.yml b/molecule/systemd_enabled/upgrade.yml deleted file mode 120000 index 47a9638..0000000 --- a/molecule/systemd_enabled/upgrade.yml +++ /dev/null @@ -1 +0,0 @@ -../default/upgrade.yml \ No newline at end of file From d8b06f3423b64c365215c2e6264a57856c1e70f0 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 1 Mar 2024 13:25:39 -0500 Subject: [PATCH 077/104] Allow ansible versions greater than 6 Ansible 9 appears to function without issue. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- requirements-test.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index f2dba15..0d2567a 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -6,8 +6,14 @@ # 2.10 or newer. # # We need at least version 6 to correctly identify Amazon Linux 2023 -# as using the dnf package manager. -ansible>=6,<7 +# as using the dnf package manager, and version 8 is currently the +# oldest supported version. +# +# We have tested against version 9. We want to avoid automatically +# jumping to another major version without testing, since there are +# often breaking changes across major versions. This is the reason +# for the upper bound. +ansible>=8,<10 # With the release of molecule v5 there were some breaking changes so # we need to pin at v5 or newer. However, v5.0.0 had an internal # dependency issue so we must use the bugfix release as the actual From 02e1530f33ac5074fed2c66f3fba61ccde86410d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 4 Mar 2024 10:20:13 -0500 Subject: [PATCH 078/104] Remove comment that is now unnecessary Co-authored-by: Michael Saki --- molecule/default/molecule.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 8039782..c6cf02f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,10 +1,4 @@ --- -# This molecule configuration file is suitable for testing Ansible -# roles that _do_ require SystemD. If your Ansible role _does not_ -# require SystemD then you should use molecule-no-systemd.yml instead. -# -# Note that the molecule configuration file that is symlinked to -# molecule.yml is the one that will be used. dependency: name: galaxy driver: From 0f82722cc61933bd1485f006b856dd0582076182 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 4 Mar 2024 16:46:28 -0500 Subject: [PATCH 079/104] Use the full path for source Docker images This ensures that when a Docker image is pulled for molecule's testing the expected source image is used regardless of what registry is configured as the default on the host system. This will also make it trivial to convert to using the GitHub Container Registry or any other Open Container Initiative (OCI) container registry for source images. --- molecule/default/molecule.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index c6cf02f..12ec2cc 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-amazonlinux2023-ansible:latest + image: docker.io/geerlingguy/docker-amazonlinux2023-ansible:latest name: amazonlinux2023-systemd platform: amd64 pre_build_image: true @@ -15,7 +15,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-debian10-ansible:latest + image: docker.io/geerlingguy/docker-debian10-ansible:latest name: debian10-systemd platform: amd64 pre_build_image: true @@ -24,7 +24,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-debian11-ansible:latest + image: docker.io/geerlingguy/docker-debian11-ansible:latest name: debian11-systemd platform: amd64 pre_build_image: true @@ -33,7 +33,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: cisagov/docker-debian12-ansible:latest + image: docker.io/cisagov/docker-debian12-ansible:latest name: debian12-systemd platform: amd64 pre_build_image: true @@ -42,7 +42,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: cisagov/docker-kali-ansible:latest + image: docker.io/cisagov/docker-kali-ansible:latest name: kali-systemd platform: amd64 pre_build_image: true @@ -51,7 +51,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-fedora37-ansible:latest + image: docker.io/geerlingguy/docker-fedora37-ansible:latest name: fedora37-systemd platform: amd64 pre_build_image: true @@ -60,7 +60,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-fedora38-ansible:latest + image: docker.io/geerlingguy/docker-fedora38-ansible:latest name: fedora38-systemd platform: amd64 pre_build_image: true @@ -69,7 +69,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2004-ansible:latest + image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest name: ubuntu-20-systemd platform: amd64 pre_build_image: true @@ -78,7 +78,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: geerlingguy/docker-ubuntu2204-ansible:latest + image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest name: ubuntu-22-systemd platform: amd64 pre_build_image: true From b9c729f6159defe55490d2198390ba2ceab5924f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 4 Jan 2024 15:03:15 -0500 Subject: [PATCH 080/104] Update pre-commit hook versions This is done automatically with the `pre-commit autoupdate` command. The pre-commit/mirrors-prettier was manually held back because the latest tags are for alpha releases of the next major version. --- .pre-commit-config.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 34f0253..e7f5d0a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,7 +5,7 @@ default_language_version: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-case-conflict - id: check-executables-have-shebangs @@ -31,7 +31,7 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.36.0 + rev: v0.39.0 hooks: - id: markdownlint args: @@ -41,7 +41,7 @@ repos: hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.32.0 + rev: v1.35.1 hooks: - id: yamllint args: @@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.26.3 + rev: 0.28.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.4.0 + rev: v3.6.2 hooks: - id: validate_manifest @@ -107,44 +107,44 @@ repos: # Python hooks - repo: https://github.com/PyCQA/bandit - rev: 1.7.5 + rev: 1.7.7 hooks: - id: bandit args: - --config=.bandit.yml - repo: https://github.com/psf/black-pre-commit-mirror - rev: 23.9.1 + rev: 24.2.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 - rev: 6.1.0 + rev: 7.0.0 hooks: - id: flake8 additional_dependencies: - flake8-docstrings - repo: https://github.com/PyCQA/isort - rev: 5.12.0 + rev: 5.13.2 hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.5.1 + rev: v1.8.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.10.1 + rev: v3.15.1 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible/ansible-lint - rev: v6.19.0 + rev: v24.2.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.2 + rev: v1.88.0 hooks: - id: terraform_fmt - id: terraform_validate From 4c933958bca75c291bcb3b28fa1ba821d1d1f6f5 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Thu, 4 Jan 2024 15:08:30 -0500 Subject: [PATCH 081/104] Manually update the prettier hook The hook is manually updated to the last v3 tag available from the pre-commit/mirrors-prettier repository. We then add the latest release of v3 available from NPM as an additional depdency. --- .pre-commit-config.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e7f5d0a..8e3941d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,9 +37,16 @@ repos: args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.3 + # This is the last version of v3 available from the mirror. We should hold + # here until v4, which is currently in alpha, is more stable. + rev: v3.1.0 hooks: - id: prettier + # This is the latest version of v3 available from NPM. The pre-commit + # mirror does not pull tags for old major versions once a new major + # version tag is published. + additional_dependencies: + - prettier@3.2.5 - repo: https://github.com/adrienverge/yamllint rev: v1.35.1 hooks: From 7169dcf65670f1d42b9498b68624a1638de08531 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sat, 11 Nov 2023 16:20:14 -0500 Subject: [PATCH 082/104] Use Python and Go versions provided by cisagov/setup-env-github-action --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4911745..de6937d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -59,7 +59,7 @@ jobs: - id: setup-python uses: actions/setup-python@v5 with: - python-version: "3.11" + python-version: ${{ steps.setup-env.outputs.python-version }} # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go @@ -68,7 +68,7 @@ jobs: # There is no expectation for actual Go code so we disable caching as # it relies on the existence of a go.sum file. cache: false - go-version: "1.20" + go-version: ${{ steps.setup-env.outputs.go-version }} - id: go-cache name: Lookup Go cache directory run: | From 035cf86cf76f40ed8b4bf67ff1b14c420701e145 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 27 Feb 2024 17:17:39 -0500 Subject: [PATCH 083/104] Switch pre-commit hooks for running shellcheck This hook bundles the binaries for shellcheck with a Python package which removes the need to ensure the tool is installed for the hook to function. It also ties the version of shellcheck used to the hook which will help guarantee consistency. --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1d12a0d..2c5b3c8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -115,10 +115,10 @@ repos: - --case-indent # Redirect operators are followed by a space - --space-redirects - - repo: https://github.com/detailyang/pre-commit-shell - rev: 1.0.5 + - repo: https://github.com/shellcheck-py/shellcheck-py + rev: v0.9.0.6 hooks: - - id: shell-lint + - id: shellcheck # Python hooks - repo: https://github.com/PyCQA/bandit From 26a5154fa6f5de58a72d67409f00c4eaf7d08cf1 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 6 Mar 2024 09:46:13 -0500 Subject: [PATCH 084/104] Use Python version output from setup-env --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 154bae7..270cefa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -187,7 +187,7 @@ jobs: - id: setup-python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: ${{ steps.setup-env.outputs.python-version }} - uses: actions/cache@v3 env: BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ From 88b5bc2266a020f39ba3572c562f86e2cbc0d1ae Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 6 Mar 2024 09:48:20 -0500 Subject: [PATCH 085/104] Reorder YAML keys to placate ansible-lint --- molecule/default/upgrade.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/upgrade.yml b/molecule/default/upgrade.yml index 14cf86b..356f84e 100644 --- a/molecule/default/upgrade.yml +++ b/molecule/default/upgrade.yml @@ -1,6 +1,6 @@ --- -- hosts: all - name: Upgrade base image +- name: Upgrade base image + hosts: all become: true become_method: ansible.builtin.sudo tasks: From 3a41b57b587f0ca3f987d208572fc47d5feff730 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 19 Mar 2024 17:12:51 -0400 Subject: [PATCH 086/104] Remove needless Dependabot ignore directive The pin against ansible-lint was removed in commit 32993325e11d482e078e05d27c3269e6401a8f53, so there is no longer any need for the Dependabot ignore directive. --- .github/dependabot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 75be706..965ea20 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,7 +27,6 @@ updates: # ignore: # # Managed by cisagov/skeleton-ansible-role # - dependency-name: ansible - # - dependency-name: ansible-lint package-ecosystem: pip schedule: interval: weekly From 48ed909dacd4fdfb7e1cac3fe1a427e3754603e3 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 27 Mar 2024 01:14:08 -0400 Subject: [PATCH 087/104] Ensure all actions/setup-python uses are the same version --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 270cefa..998d37e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -185,7 +185,7 @@ jobs: egress-policy: audit - uses: actions/checkout@v4 - id: setup-python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ steps.setup-env.outputs.python-version }} - uses: actions/cache@v3 From 25fbe5691b42f0d540ba75094986b968d6845f3d Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 18 Dec 2023 01:25:17 -0500 Subject: [PATCH 088/104] Add new, disabled dependabot ignore directive Add github/codeql-action to the github-actions ignore directives as it is used in the CodeQL workflow. It is commented out in this project and will be un-commented in downstream repositories so that only cisagov/skeleton-ansible-role will have dependabot PRs created for this dependency. --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 75be706..b323c24 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,6 +19,8 @@ updates: - dependency-name: hashicorp/setup-terraform - dependency-name: mxschmitt/action-tmate - dependency-name: step-security/harden-runner + # # Managed by cisagov/skeleton-ansible-role + # - dependency-name: github/codeql-action package-ecosystem: github-actions schedule: interval: weekly From 73cb5121b329af01dc831232adf8b9beac59f504 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Sun, 10 Mar 2024 12:18:09 -0400 Subject: [PATCH 089/104] Pin ansible-core to earlier than 2.16.3 ansible-core 2.16.3 and later suffer from the bug discussed in ansible/ansible#82702, which breaks any symlinked files in vars, tasks, etc. for any Ansible role installed via ansible-galaxy. --- requirements-test.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/requirements-test.txt b/requirements-test.txt index 0d2567a..cd57a8a 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -14,6 +14,15 @@ # often breaking changes across major versions. This is the reason # for the upper bound. ansible>=8,<10 +# TODO: Remove this pin when possible. See +# cisagov/skeleton-ansible-role#178 for more details. +# +# ansible-core 2.16.3 and later suffer from the bug discussed in +# ansible/ansible#82702, which breaks any symlinked files in vars, +# tasks, etc. for any Ansible role installed via ansible-galaxy. +# +# See also cisagov/skeleton-packer##312. +ansible-core<2.16.3 # With the release of molecule v5 there were some breaking changes so # we need to pin at v5 or newer. However, v5.0.0 had an internal # dependency issue so we must use the bugfix release as the actual From 097026da88e9589c0e516eee69c4507e51b5d8c0 Mon Sep 17 00:00:00 2001 From: Shane Frasier Date: Sun, 10 Mar 2024 15:11:51 -0400 Subject: [PATCH 090/104] Remove duplicated octothorpe Co-authored-by: dav3r --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index cd57a8a..09f58a0 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -21,7 +21,7 @@ ansible>=8,<10 # ansible/ansible#82702, which breaks any symlinked files in vars, # tasks, etc. for any Ansible role installed via ansible-galaxy. # -# See also cisagov/skeleton-packer##312. +# See also cisagov/skeleton-packer#312. ansible-core<2.16.3 # With the release of molecule v5 there were some breaking changes so # we need to pin at v5 or newer. However, v5.0.0 had an internal From c61ebc76ac5eb52de6e4ed360b61ff20282df74c Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 19 Mar 2024 15:18:17 -0400 Subject: [PATCH 091/104] Add a Dependabot ignore directive for downstream repository Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3e24179..986c3cb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -29,6 +29,7 @@ updates: # ignore: # # Managed by cisagov/skeleton-ansible-role # - dependency-name: ansible + # - dependency-name: ansible-core package-ecosystem: pip schedule: interval: weekly From 9949fc8b7330295c37c8cd99ac6aa421ddef7e91 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 13 Oct 2023 11:05:44 -0400 Subject: [PATCH 092/104] Add support for Debian Trixie --- meta/main.yml | 1 + molecule/default/molecule.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/meta/main.yml b/meta/main.yml index a4323bb..0321430 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -28,6 +28,7 @@ galaxy_info: - buster - bullseye - bookworm + - trixie - name: Fedora versions: - "37" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 12ec2cc..b7a2ab4 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -40,6 +40,15 @@ platforms: privileged: true volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: docker.io/cisagov/docker-debian13-ansible:latest + name: debian13-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd image: docker.io/cisagov/docker-kali-ansible:latest From fb16c799691171f97dbd242d92c4746b874bb09d Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 27 Mar 2024 04:52:04 -0400 Subject: [PATCH 093/104] Use a different image for Debian Bookworm testing Now that geerlingguy/docker-debian12-ansible is available we can switch to it instead of using ours. --- molecule/default/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b7a2ab4..6a0d945 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -33,7 +33,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd - image: docker.io/cisagov/docker-debian12-ansible:latest + image: docker.io/geerlingguy/docker-debian12-ansible:latest name: debian12-systemd platform: amd64 pre_build_image: true From c116434f814c0ab9ae0ddc1885b7690e876d424e Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 30 Jan 2024 15:37:53 -0500 Subject: [PATCH 094/104] Remove the Fedora 37 platform Fedora 37 is EOL as of December 5, 2023. --- meta/main.yml | 1 - molecule/default/molecule.yml | 9 --------- 2 files changed, 10 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index a4323bb..202f57e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -30,7 +30,6 @@ galaxy_info: - bookworm - name: Fedora versions: - - "37" - "38" - name: Kali versions: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 12ec2cc..6ea23e6 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -49,15 +49,6 @@ platforms: privileged: true volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: docker.io/geerlingguy/docker-fedora37-ansible:latest - name: fedora37-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd image: docker.io/geerlingguy/docker-fedora38-ansible:latest From 7cb7ddf96323b39f4990af10fc6eaa3469d4254f Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 13 Nov 2023 10:37:29 -0500 Subject: [PATCH 095/104] Add support for Fedora 39 Fedora 39 was released on November 7, 2023. --- meta/main.yml | 1 + molecule/default/molecule.yml | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/meta/main.yml b/meta/main.yml index a4323bb..293a728 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -32,6 +32,7 @@ galaxy_info: versions: - "37" - "38" + - "39" - name: Kali versions: - "2023" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 12ec2cc..fabaa34 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -67,6 +67,15 @@ platforms: privileged: true volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: docker.io/geerlingguy/docker-fedora39-ansible:latest + name: fedora39-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest From 8849c239ad561bfb1fbe02f853be4acf9f297b65 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 27 Mar 2024 03:44:38 -0400 Subject: [PATCH 096/104] Improve merge queue support in the CodeQL workflow This mirrors the changes in the build workflow inherited from cisagov/skeleton-generic. --- .github/workflows/codeql-analysis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e486a9d..cfba96f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -7,6 +7,9 @@ name: CodeQL on: + merge_group: + types: + - checks_requested push: # Dependabot triggered push events have read-only access, but uploading code # scanning requires write access. From ee9ef83a286c1eb49af3a128ba69958594b7c1f1 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 27 Mar 2024 06:35:03 -0400 Subject: [PATCH 097/104] Use cisagov/setup-env-github-action in the `test` job of the `build` workflow This is necessary to populate the Python version to use. --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1b7ff4e..b57fa87 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -182,6 +182,8 @@ jobs: uses: step-security/harden-runner@v2 with: egress-policy: audit + - id: setup-env + uses: cisagov/setup-env-github-action@develop - uses: actions/checkout@v4 - id: setup-python uses: actions/setup-python@v5 From 94713776848303679c8267a9a8c60a07d8eed5d0 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 28 Mar 2024 10:34:23 -0400 Subject: [PATCH 098/104] Remove duplicated instance of "ansible-galaxy" This is a typo. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 185153f..5d94d29 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ None. This role can be installed via the command: ```console -ansible-galaxy ansible-galaxy install --role-file path/to/requirements.yml +ansible-galaxy install --role-file path/to/requirements.yml ``` where `requirements.yml` looks like: From 521265e33de5a91262593b7395b0cc31c1546841 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 8 Apr 2024 16:36:51 -0400 Subject: [PATCH 099/104] Uncomment dependabot ignore directives --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a639361..e112ceb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,8 +19,8 @@ updates: - dependency-name: hashicorp/setup-terraform - dependency-name: mxschmitt/action-tmate - dependency-name: step-security/harden-runner - # # Managed by cisagov/skeleton-ansible-role - # - dependency-name: github/codeql-action + # Managed by cisagov/skeleton-ansible-role + - dependency-name: github/codeql-action package-ecosystem: github-actions schedule: interval: weekly From 862151a6ab8447c34b668d039b9ee29f3358b90b Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 8 Apr 2024 16:37:42 -0400 Subject: [PATCH 100/104] Update repository reference in README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 55ea544..bc76f77 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,8 @@ where `requirements.yml` looks like: ```yaml --- -- name: skeleton - src: https://github.com/cisagov/skeleton-ansible-role +- name: ufw + src: https://github.com/cisagov/ansible-role-ufw ``` and may contain other roles as well. From 896b2add0373500171845161c135cb937e8ff062 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Mon, 8 Apr 2024 16:38:29 -0400 Subject: [PATCH 101/104] Prefer true/false to yes/no in YAML files --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 28c84e1..caf1308 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -73,4 +73,4 @@ - name: Enable the UFW service ansible.builtin.service: name: ufw - enabled: yes + enabled: true From 78f259722388bb3ceb599c3238e829a677492ba3 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 17 Apr 2024 15:12:17 -0400 Subject: [PATCH 102/104] Add platforms to test matrix This allows us to run each platform's Molecule tests separately. This at least makes it easier and faster to re-run platforms that sporadically fail. --- .github/workflows/build.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b57fa87..43143c3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -174,6 +174,16 @@ jobs: strategy: fail-fast: false matrix: + platform: + - debian10-systemd + - debian11-systemd + - debian12-systemd + - debian13-systemd + - kali-systemd + - fedora38-systemd + - fedora39-systemd + # - ubuntu-20-systemd + # - ubuntu-22-systemd scenario: - default steps: @@ -205,7 +215,9 @@ jobs: python -m pip install --upgrade pip pip install --upgrade --requirement requirements-test.txt - name: Run molecule tests - run: molecule test --scenario-name ${{ matrix.scenario }} + run: >- + molecule test --platform-name ${{ matrix.platform }} + --scenario-name ${{ matrix.scenario }} - name: Setup tmate debug session uses: mxschmitt/action-tmate@v3 if: env.RUN_TMATE From 465c33933a686e26d01ec4ca28c9d327245483e0 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 17 Apr 2024 15:17:46 -0400 Subject: [PATCH 103/104] Add back support for Ubuntu --- .github/workflows/build.yml | 4 ++-- meta/main.yml | 8 ++++---- molecule/default/molecule.yml | 36 +++++++++++++++++------------------ 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 43143c3..e06bd6f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -182,8 +182,8 @@ jobs: - kali-systemd - fedora38-systemd - fedora39-systemd - # - ubuntu-20-systemd - # - ubuntu-22-systemd + - ubuntu-20-systemd + - ubuntu-22-systemd scenario: - default steps: diff --git a/meta/main.yml b/meta/main.yml index 96abacc..f4928de 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -49,9 +49,9 @@ galaxy_info: # decision to remove Ubuntu support for now. I created this issue # to document the error: # https://github.com/cisagov/ansible-role-ufw/issues/3 - # - name: Ubuntu - # versions: - # - focal - # - jammy + - name: Ubuntu + versions: + - focal + - jammy role_name: ufw standalone: true diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index a728613..f1bc302 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -89,24 +89,24 @@ platforms: # remove Ubuntu support for now. I created this issue to document # the error: # https://github.com/cisagov/ansible-role-ufw/issues/3 - # - cgroupns_mode: host - # command: /lib/systemd/systemd - # image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest - # name: ubuntu-20-systemd - # platform: amd64 - # pre_build_image: true - # privileged: true - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:rw - # - cgroupns_mode: host - # command: /lib/systemd/systemd - # image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest - # name: ubuntu-22-systemd - # platform: amd64 - # pre_build_image: true - # privileged: true - # volumes: - # - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest + name: ubuntu-20-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - cgroupns_mode: host + command: /lib/systemd/systemd + image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest + name: ubuntu-22-systemd + platform: amd64 + pre_build_image: true + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw scenario: name: default verifier: From 0af42e3fe8af11d4fea48621f28cbadc97e0b98c Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Tue, 23 Apr 2024 10:44:51 -0400 Subject: [PATCH 104/104] Drop support for Fedora and Ubuntu Focal For reasons I haven't been able to discern, the Fedora and Ubuntu Focal molecule tests work fine locally but fail in GitHub Actions due to being unable to perform some iptables operations. I would think this was due to some kernel module not being loaded in the underlying host instance, except that other platforms pass just fine in GitHub Actions. I've already spent too much time on this, and the role works just fine when building a Fedora AMI and we do not actually require Ubuntu Focal support, so I will make the executive decision to remove Fedora and Ubuntu Focal support for now. I created issue #3 to document this. --- .github/workflows/build.yml | 8 ++-- meta/main.yml | 42 ++++++++++++------- molecule/default/molecule.yml | 76 ++++++++++++++++++++--------------- 3 files changed, 76 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e06bd6f..8053db2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -180,9 +180,11 @@ jobs: - debian12-systemd - debian13-systemd - kali-systemd - - fedora38-systemd - - fedora39-systemd - - ubuntu-20-systemd + # These platforms currently fail in GitHub Actions but pass + # locally. See issue #3 for more details. + # - fedora38-systemd + # - fedora39-systemd + # - ubuntu-20-systemd - ubuntu-22-systemd scenario: - default diff --git a/meta/main.yml b/meta/main.yml index f4928de..d348492 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -30,28 +30,40 @@ galaxy_info: - bullseye - bookworm - trixie - - name: Fedora - versions: - - "38" - - "39" - - name: Kali - versions: - - "2023" - # For reasons I haven't been able to discern, the Ubuntu molecule + # For reasons I haven't been able to discern, the Fedora molecule # tests work fine locally but fail in GitHub Actions due to being # unable to perform some iptables operations. I would think this # was due to some kernel module not being loaded in the underlying - # host instance, except that the non-Ubuntu platforms pass just - # fine in GitHub Actions. + # host instance, except that other platforms pass just fine in + # GitHub Actions. # - # I've already spent too much time on this, and we don't require - # the Ubuntu support right now, so I will make the executive - # decision to remove Ubuntu support for now. I created this issue - # to document the error: + # I've already spent too much time on this, and the role works + # just fine when building a Fedora AMI, so I will make the + # executive decision to remove Fedora support for now. I created + # this issue to document the error: # https://github.com/cisagov/ansible-role-ufw/issues/3 + # - name: Fedora + # versions: + # - "38" + # - "39" + - name: Kali + versions: + - "2023" - name: Ubuntu versions: - - focal + # For reasons I haven't been able to discern, the Ubuntu Focal + # molecule tests work fine locally but fail in GitHub Actions + # due to being unable to perform some iptables operations. I + # would think this was due to some kernel module not being + # loaded in the underlying host instance, except that other + # platforms pass just fine in GitHub Actions. + # + # I've already spent too much time on this, and we don't + # require the Ubuntu support right now, so I will make the + # executive decision to remove Ubuntu Focal support for now. + # I created this issue to document the error: + # https://github.com/cisagov/ansible-role-ufw/issues/3 + # - focal - jammy role_name: ufw standalone: true diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f1bc302..68d8e20 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -59,45 +59,57 @@ platforms: privileged: true volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: docker.io/geerlingguy/docker-fedora38-ansible:latest - name: fedora38-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - - cgroupns_mode: host - command: /lib/systemd/systemd - image: docker.io/geerlingguy/docker-fedora39-ansible:latest - name: fedora39-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - # For reasons I haven't been able to discern, the Ubuntu molecule + # For reasons I haven't been able to discern, the Fedora molecule # tests work fine locally but fail in GitHub Actions due to being # unable to perform some iptables operations. I would think this # was due to some kernel module not being loaded in the underlying - # host instance, except that the non-Ubuntu platforms pass just fine - # in GitHub Actions. + # host instance, except that other platforms pass just fine in + # GitHub Actions. + # + # I've already spent too much time on this, and the role works just + # fine when building a Fedora AMI, so I will make the executive + # decision to remove Fedora support for now. I created this issue + # to document the error: + # https://github.com/cisagov/ansible-role-ufw/issues/3 + # - cgroupns_mode: host + # command: /lib/systemd/systemd + # image: docker.io/geerlingguy/docker-fedora38-ansible:latest + # name: fedora38-systemd + # platform: amd64 + # pre_build_image: true + # privileged: true + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw + # - cgroupns_mode: host + # command: /lib/systemd/systemd + # image: docker.io/geerlingguy/docker-fedora39-ansible:latest + # name: fedora39-systemd + # platform: amd64 + # pre_build_image: true + # privileged: true + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw + # For reasons I haven't been able to discern, the Ubuntu Focal + # molecule tests work fine locally but fail in GitHub Actions due to + # being unable to perform some iptables operations. I would think + # this was due to some kernel module not being loaded in the + # underlying host instance, except that other platforms pass just + # fine in GitHub Actions. # # I've already spent too much time on this, and we don't require the # Ubuntu support right now, so I will make the executive decision to - # remove Ubuntu support for now. I created this issue to document - # the error: + # remove Ubuntu Focal support for now. I created this issue to + # document the error: # https://github.com/cisagov/ansible-role-ufw/issues/3 - - cgroupns_mode: host - command: /lib/systemd/systemd - image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest - name: ubuntu-20-systemd - platform: amd64 - pre_build_image: true - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw + # - cgroupns_mode: host + # command: /lib/systemd/systemd + # image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest + # name: ubuntu-20-systemd + # platform: amd64 + # pre_build_image: true + # privileged: true + # volumes: + # - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host command: /lib/systemd/systemd image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest