Merge pull request #235 from cisagov/lineage/skeleton

⚠️ CONFLICT! Lineage pull request for: skeleton

Author: mcdonnnj

.github/dependabot.yml

@@ -12,9 +12,16 @@ updates:
     schedule:
       interval: "weekly"
     ignore:
+      # Managed by cisagov/skeleton-generic
       - dependency-name: actions/cache
       - dependency-name: actions/checkout
+      - dependency-name: actions/setup-go
       - dependency-name: actions/setup-python
+      - dependency-name: hashicorp/setup-terraform
+      - dependency-name: mxschmitt/action-tmate
+      # Managed by cisagov/skeleton-python-library
+      - dependency-name: actions/download-artifact
+      - dependency-name: actions/upload-artifact
 
   - package-ecosystem: "pip"
     directory: "/"

.github/labels.yml

@@ -0,0 +1,70 @@
+---
+# Rather than breaking up descriptions into multiline strings we disable that
+# specific rule in yamllint for this file.
+# yamllint disable rule:line-length
+- color: "eb6420"
+  description: This issue or pull request is awaiting the outcome of another issue or pull request
+  name: blocked
+- color: "000000"
+  description: This issue or pull request involves changes to existing functionality
+  name: breaking change
+- color: "d73a4a"
+  description: This issue or pull request addresses broken functionality
+  name: bug
+- color: "07648d"
+  description: This issue will be advertised on code.gov's Open Tasks page (https://code.gov/open-tasks)
+  name: code.gov
+- color: "0366d6"
+  description: Pull requests that update a dependency file
+  name: dependencies
+- color: "5319e7"
+  description: This issue or pull request improves or adds to documentation
+  name: documentation
+- color: "cfd3d7"
+  description: This issue or pull request already exists or is covered in another issue or pull request
+  name: duplicate
+- color: "b005bc"
+  description: A high-level objective issue encompassing multiple issues instead of a specific unit of work
+  name: epic
+- color: "000000"
+  description: Pull requests that update GitHub Actions code
+  name: github-actions
+- color: "0e8a16"
+  description: This issue or pull request is well-defined and good for newcomers
+  name: good first issue
+- color: "ff7518"
+  description: Pull request that should count toward Hacktoberfest participation
+  name: hacktoberfest-accepted
+- color: "a2eeef"
+  description: This issue or pull request will add or improve functionality, maintainability, or ease of use
+  name: improvement
+- color: "fef2c0"
+  description: This issue or pull request is not applicable, incorrect, or obsolete
+  name: invalid
+- color: "ce099a"
+  description: This pull request is ready to merge during the next Lineage Kraken release
+  name: kraken 🐙
+- color: "a4fc5d"
+  description: This issue or pull request requires further information
+  name: need info
+- color: "fcdb45"
+  description: This pull request is awaiting an action or decision to move forward
+  name: on hold
+- color: "3772a4"
+  description: Pull requests that update Python code
+  name: python
+- color: "ef476c"
+  description: This issue is a request for information or needs discussion
+  name: question
+- color: "00008b"
+  description: This issue or pull request adds or otherwise modifies test code
+  name: test
+- color: "1d76db"
+  description: This issue or pull request pulls in upstream updates
+  name: upstream update
+- color: "d4c5f9"
+  description: This issue or pull request increments the version number
+  name: version bump
+- color: "ffffff"
+  description: This issue will not be incorporated
+  name: wontfix

.github/workflows/build.yml

@@ -21,30 +21,26 @@ jobs:
         uses: cisagov/setup-env-github-action@develop
       - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           # A lower version is used because of a dependency issue in Python
-          # versions 3.8-3.10
+          # versions 3.8-3.11
           python-version: "3.7"
       # We need the Go version and Go cache location for the actions/cache step,
       # so the Go installation must happen before that.
-      - uses: actions/setup-go@v2
+      - id: setup-go
+        uses: actions/setup-go@v3
         with:
-          go-version: "1.16"
-      - name: Store installed Go version
-        id: go-version
-        run: |
-          echo "::set-output name=version::"\
-          "$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
+          go-version: "1.19"
       - name: Lookup Go cache directory
         id: go-cache
         run: |
-          echo "::set-output name=dir::$(go env GOCACHE)"
+          echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
       - uses: actions/cache@v3
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ steps.setup-python.outputs.python-version }}-\
-            go${{ steps.go-version.outputs.version }}-\
+            go${{ steps.setup-go.outputs.go-version }}-\
             packer${{ steps.setup-env.outputs.packer-version }}-\
             tf${{ steps.setup-env.outputs.terraform-version }}-"
         with:
@@ -84,7 +80,7 @@ jobs:
             ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
           sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
           sudo ln -s /opt/packer/packer /usr/local/bin/packer
-      - uses: hashicorp/setup-terraform@v1
+      - uses: hashicorp/setup-terraform@v2
         with:
           terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
       - name: Install shfmt
@@ -109,10 +105,12 @@ jobs:
         uses: mxschmitt/action-tmate@v3
         if: env.RUN_TMATE
   test:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
+        os:
+          - ubuntu-latest
         # The versions of nassl pinned by our sslyze version constraint only
         # have bdists available for Python 3.6 and 3.7, so we can only support
         # those versions of Python. The error seen when trying to install on
@@ -123,15 +121,18 @@ jobs:
         #   sslyze 2.1.4 depends on nassl<2.3.0 and >=2.2.0
         #   sslyze 2.1.3 depends on nassl<2.3.0 and >=2.2.0
         python-version:
-          - "3.6"
           - "3.7"
           # - "3.8"
           # - "3.9"
           # - "3.10"
+          # - "3.11"
+        include:
+          - os: ubuntu-20.04
+            python-version: "3.6"
     steps:
       - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
       - uses: actions/cache@v3
@@ -170,14 +171,15 @@ jobs:
         if: env.RUN_TMATE
   coveralls-finish:
     runs-on: ubuntu-latest
-    needs: test
+    needs:
+      - test
     steps:
       - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           # A lower version is used because of a dependency issue in Python
-          # versions 3.8-3.10
+          # versions 3.8-3.11
           python-version: "3.7"
       - uses: actions/cache@v3
         env:
@@ -206,13 +208,16 @@ jobs:
         uses: mxschmitt/action-tmate@v3
         if: env.RUN_TMATE
   build:
-    runs-on: ubuntu-latest
-    needs: [lint, test]
+    runs-on: ${{ matrix.os }}
+    needs:
+      - lint
+      - test
     strategy:
       fail-fast: false
       matrix:
+        os:
+          - ubuntu-latest
         python-version:
-          - "3.6"
           - "3.7"
           # Disabled due to an unresolvable dependency issue between sslyze and
           # nassl:
@@ -224,10 +229,14 @@ jobs:
           # - "3.8"
           # - "3.9"
           # - "3.10"
+          # - "3.11"
+        include:
+          - os: ubuntu-20.04
+            python-version: "3.6"
     steps:
       - uses: actions/checkout@v3
       - id: setup-python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
       - uses: actions/cache@v3
@@ -251,10 +260,72 @@ jobs:
       - name: Build artifacts
         run: python -m build
       - name: Upload artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: dist-${{ matrix.python-version }}
           path: dist
       - name: Setup tmate debug session
         uses: mxschmitt/action-tmate@v3
         if: env.RUN_TMATE
+  test-build:
+    runs-on: ${{ matrix.os }}
+    needs:
+      - build
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+        python-version:
+          - "3.7"
+          # Disabled due to an unresolvable dependency issue between sslyze and
+          # nassl:
+          # ERROR: Cannot install pshtt because these package versions have
+          # conflicting dependencies.
+          # The conflict is caused by:
+          #   sslyze 2.1.4 depends on nassl<2.3.0 and >=2.2.0
+          #   sslyze 2.1.3 depends on nassl<2.3.0 and >=2.2.0
+          # - "3.8"
+          # - "3.9"
+          # - "3.10"
+          # - "3.11"
+        include:
+          - os: ubuntu-20.04
+            python-version: "3.6"
+    steps:
+      - uses: actions/checkout@v3
+      - id: setup-python
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - uses: actions/cache@v3
+        env:
+          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
+            py${{ steps.setup-python.outputs.python-version }}-"
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          # We do not use '**/setup.py' in the cache key so only the 'setup.py'
+          # file in the root of the repository is used. This is in case a Python
+          # package were to have a 'setup.py' as part of its internal codebase.
+          key: "${{ env.BASE_CACHE_KEY }}\
+            ${{ hashFiles('**/requirements.txt') }}-\
+            ${{ hashFiles('setup.py') }}"
+          restore-keys: |
+            ${{ env.BASE_CACHE_KEY }}
+      - name: Retrieve the built wheel
+        uses: actions/download-artifact@v3
+        with:
+          name: dist-${{ matrix.python-version }}
+      - name: Install testing dependencies
+        run: |
+          python -m pip install --upgrade pip setuptools wheel
+          python -m pip install --upgrade pytest pytest-cov
+      - name: Install the built wheel (there should only be one)
+        run: python -m pip install *.whl
+      - name: Run tests
+        env:
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+        run: pytest
+      - name: Setup tmate debug session
+        uses: mxschmitt/action-tmate@v3
+        if: env.RUN_TMATE

.github/workflows/sync-labels.yml

@@ -0,0 +1,29 @@
+---
+name: sync-labels
+
+on:
+  push:
+    paths:
+      - '.github/labels.yml'
+      - '.github/workflows/sync-labels.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  labeler:
+    permissions:
+      # actions/checkout needs this to fetch code
+      contents: read
+      # crazy-max/ghaction-github-labeler needs this to manage repository labels
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Sync repository labels
+        if: success()
+        uses: crazy-max/ghaction-github-labeler@v4
+        with:
+          # This is a hideous ternary equivalent so we only do a dry run unless
+          # this workflow is triggered by the develop branch.
+          dry-run: ${{ github.ref_name == 'develop' && 'false' || 'true' }}