diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 471a494..fddf200 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,6 +5,8 @@ on: # yamllint disable-line rule:truthy merge_group: types: - checks_requested + # We use the default activity types for the pull_request event as specified here: + # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request pull_request: push: repository_dispatch: @@ -23,7 +25,7 @@ env: PIP_CACHE_DIR: ~/.cache/pip PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit RUN_TMATE: ${{ secrets.RUN_TMATE }} - TERRAFORM_DOCS_REPO_BRANCH_NAME: improvement/support_atx_closed_markdown_headers + TERRAFORM_DOCS_REPO_BRANCH_NAME: cisagov TERRAFORM_DOCS_REPO_DEPTH: 1 TERRAFORM_DOCS_REPO_URL: https://github.com/mcdonnnj/terraform-docs.git 
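Review bot: `TERRAFORM_DOCS_REPO_BRANCH_NAME: cisagov` in the `env` hunk (@@ -23,7 +25,7 @@) still names a mutable branch on a personal fork, so each run builds whatever that branch points to at clone time. The resulting `terraform-docs` binary is installed into `$(go env GOPATH)/bin` and presumably run by the pre-commit step, in a job whose environment also holds `secrets.RUN_TMATE`. Pinning to a reviewed commit would keep a force-push or a compromised fork account from changing the tool silently, for example by adding `TERRAFORM_DOCS_REPO_COMMIT: <full-commit-sha>` beside the branch name and failing the step when `git rev-parse HEAD` differs after the clone. The clone and build steps are in a later hunk and only partly visible, so the exact place for the check needs confirming.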
@@ -118,18 +120,20 @@ jobs: name: Lookup Go cache directory run: | echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT - - uses: actions/cache@v4 + - uses: actions/cache@v5 env: - BASE_CACHE_KEY: ${{ github.job }}-${{ runner.os }}-\ - py${{ steps.setup-python.outputs.python-version }}-\ - go${{ steps.setup-go.outputs.go-version }}-\ - packer${{ steps.setup-env.outputs.packer-version }}-\ - tf${{ steps.setup-env.outputs.terraform-version }}- + BASE_CACHE_KEY: >- + ${{ github.job }}-${{ runner.os + }}-py${{ steps.setup-python.outputs.python-version + }}-go${{ steps.setup-go.outputs.go-version + }}-packer${{ steps.setup-env.outputs.packer-version + }}-tf${{ steps.setup-env.outputs.terraform-version }}- with: - key: ${{ env.BASE_CACHE_KEY }}\ - ${{ hashFiles('**/requirements-test.txt') }}-\ - ${{ hashFiles('**/requirements.txt') }}-\ - ${{ hashFiles('**/.pre-commit-config.yaml') }} + key: >- + ${{ env.BASE_CACHE_KEY }}${{ + hashFiles('**/requirements-test.txt') }}-${{ + hashFiles('**/requirements.txt') }}-${{ + hashFiles('**/.pre-commit-config.yaml') }} # Note that the .terraform directory IS NOT included in the # cache because if we were caching, then we would need to use # the `-upgrade=true` option. This option blindly pulls down the 
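Review bot: `actions/cache@v5` is referenced by a movable major tag, so the code that restores and saves this job's cache can change without any diff in this repository. Pinning the full commit SHA with the version in a trailing comment, `- uses: actions/cache@<full-commit-sha> # v5`, keeps each bump reviewable. Separately, the new `>-` keys depend on every line break falling inside a `${{ }}` expression, because folding turns each break into a space. A one-line comment above `BASE_CACHE_KEY` saying so would stop a later reflow from putting spaces into the key. The step continues past the end of the hunk.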
@@ -169,10 +173,13 @@ jobs: PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }} run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} # TODO: https://github.com/cisagov/skeleton-generic/issues/165 - # We are temporarily using @mcdonnnj's forked branch of terraform-docs - # until his PR: https://github.com/terraform-docs/terraform-docs/pull/745 - # is approved. This temporary fix will allow for ATX header support when - # terraform-docs is run during linting. + # We are temporarily using a branch of @mcdonnnj's fork of terraform-docs that + # groups changes from his PRs until they are approved and merged: + # https://github.com/terraform-docs/terraform-docs/pull/745 + # https://github.com/terraform-docs/terraform-docs/pull/901 + # This temporary fix will allow for ATX header support when terraform-docs is run + # during linting and output delimiter rows with cell spacing that passes + # Markdownlint's MD060/table-column-style rule. - name: Clone ATX headers branch from terraform-docs fork run: | git clone \ @@ -187,7 +194,7 @@ jobs: -o $(go env GOPATH)/bin/terraform-docs - name: Install dependencies run: | - python -m pip install --upgrade pip setuptools wheel + python -m pip install --upgrade pip setuptools pip install --upgrade --requirement requirements-test.txt - name: Set up pre-commit hook environments run: pre-commit install-hooks diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5458e86..68ac7da 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -12,6 +12,8 @@ on: merge_group: types: - checks_requested + # We use the default activity types for the pull_request event as specified here: + # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request pull_request: # The branches here must be a subset of the ones in the push key branches: 
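Review bot: The step name `Clone ATX headers branch from terraform-docs fork`, left as context below the rewritten comment, no longer matches what is cloned, since the branch now groups changes from two upstream PRs. Something like `- name: Clone cisagov branch from terraform-docs fork` would keep the job log accurate. The step body continues outside the hunk.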
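Review bot: Nothing in the `Install dependencies` hunk (@@ -187,7 +194,7 @@) records why `wheel` was dropped from `python -m pip install --upgrade pip setuptools`, and the same silent removal appears in the `requirements.txt` and `setup-env` hunks. The `setuptools>=70.1` floor added in `requirements.txt` suggests the reason is that setuptools provides `bdist_wheel` itself from that release on. A comment such as `# wheel is no longer needed: setuptools >= 70.1 ships bdist_wheel` above the command would make that explicit. The CI and `setup-env` commands carry no floor of their own and rely on `--upgrade` reaching a new enough release, which is worth confirming for environments that install from a restricted package index.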
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 580fa9c..2b71638 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -5,6 +5,8 @@ on: # yamllint disable-line rule:truthy merge_group: types: - checks_requested + # We use the default activity types for the pull_request event as specified here: + # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request pull_request: # Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace, diff --git a/.github/workflows/label-prs.yml b/.github/workflows/label-prs.yml index 412cc4a..45d317b 100644 --- a/.github/workflows/label-prs.yml +++ b/.github/workflows/label-prs.yml @@ -2,11 +2,9 @@ name: Label pull requests on: # yamllint disable-line rule:truthy + # We use the default activity types for the pull_request event as specified here: + # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request pull_request: - types: - - edited - - opened - - synchronize # Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace, # nounset, errexit, and pipefail. The `-x` will print all commands as they are diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 54e50f1..9a10fe9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -45,17 +45,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.45.0 + rev: v0.47.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/rbubley/mirrors-prettier - rev: v3.6.2 + rev: v3.8.1 hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.37.1 + rev: v1.38.0 hooks: - id: yamllint args: 
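Review bot: Removing the explicit `types` list in `.github/workflows/label-prs.yml` changes behaviour rather than just tidying. GitHub's defaults for `pull_request` are `opened`, `synchronize` and `reopened`, so the workflow no longer runs on `edited` and now runs on `reopened`. If any label depends on the pull request's title, body or base branch, it will not be refreshed when those are edited; the labeler configuration is not visible here, so this needs checking. The added comment could say so directly, e.g. `# Defaults are opened, synchronize and reopened; edited is intentionally not included.`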
@@ -63,14 +63,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.35.0 + rev: 0.36.2 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v4.4.0 + rev: v4.5.1 hooks: - id: validate_manifest @@ -129,13 +129,13 @@ repos: # Python hooks - repo: https://github.com/PyCQA/bandit - rev: 1.9.1 + rev: 1.9.3 hooks: - id: bandit args: - --config=.bandit.yml - repo: https://github.com/psf/black-pre-commit-mirror - rev: 25.11.0 + rev: 26.1.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -145,15 +145,15 @@ repos: additional_dependencies: - flake8-docstrings==1.7.0 - repo: https://github.com/PyCQA/isort - rev: 7.0.0 + rev: 8.0.0 hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.18.2 + rev: v1.19.1 hooks: - id: mypy - repo: https://github.com/pypa/pip-audit - rev: v2.9.0 + rev: v2.10.0 hooks: - id: pip-audit args: @@ -165,7 +165,7 @@ repos: - --requirement - requirements.txt - repo: https://github.com/asottile/pyupgrade - rev: v3.21.1 + rev: v3.21.2 hooks: - id: pyupgrade args: @@ -177,7 +177,7 @@ repos: # Ansible hooks - repo: https://github.com/ansible/ansible-lint - rev: v25.11.1 + rev: v26.1.1 hooks: - id: ansible-lint additional_dependencies: @@ -203,7 +203,7 @@ repos: # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.103.0 + rev: v1.105.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 51004ad..afb0bb4 100644 --- a/README.md +++ b/README.md @@ -37,14 +37,14 @@ module "example" { ## Requirements ## | Name | Version | -|------|---------| +| ---- | ------- | | terraform | >= 1.1 | | aws | >= 4.9 | ## Providers ## | Name | Version | -|------|---------| +| ---- | ------- | | aws | >= 4.9 | ## Modules ## 
@@ -54,7 +54,7 @@ No modules. ## Resources ## | Name | Type | -|------|------| +| ---- | ---- | | [aws_instance.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_ami.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_default_tags.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source | @@ -62,7 +62,7 @@ No modules. ## Inputs ## | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | ami\_owner\_account\_id | The ID of the AWS account that owns the Example AMI, or "self" if the AMI is owned by the same account as the provisioner. | `string` | `"self"` | no | | aws\_availability\_zone | The AWS availability zone to deploy into (e.g. a, b, c, etc.). | `string` | `"a"` | no | | aws\_region | The AWS region to deploy into (e.g. us-east-1). | `string` | `"us-east-1"` | no | @@ -71,7 +71,7 @@ No modules. ## Outputs ## | Name | Description | -|------|-------------| +| ---- | ----------- | | arn | The EC2 instance ARN. | | availability\_zone | The AZ where the EC2 instance is deployed. | | id | The EC2 instance ID. | diff --git a/examples/basic_usage/.terraform.lock.hcl b/examples/basic_usage/.terraform.lock.hcl index 90e0ee9..21e8ddf 100644 --- a/examples/basic_usage/.terraform.lock.hcl +++ b/examples/basic_usage/.terraform.lock.hcl 
@@ -2,24 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "6.15.0" + version = "6.36.0" constraints = ">= 4.9.0, ~> 6.7" hashes = [ - "h1:fHH8H5xoptQywVxVEX0vsWYeBeKR1uuQJmaOfZirr54=", - "zh:05a3d3b268761cd90cabd6106bff2bf27f480ab31305cd8ef8c749060855f84d", - "zh:0edae750ebaee784624e41b1e18fe6179a513d63c5bb8fbffab4631391092b4f", - "zh:17f3d20951662ffd6a610d9c7f44afa281db6f220685796147e4ffb6374cc8b8", - "zh:373a5446fca3aeff76bc5637babd732d6c78d9a66c82a828a1b009e8b21f33bc", - "zh:3ce69866d23b7d0bb5bfa06f5407147ed90713924cd65246858c414313a96ffc", - "zh:40ab0ca19845890df706784bb62d9fc9961a15c23c894f0e9f89b66524c4be55", - "zh:66bd5554c582c1f01c1a509eedf4a81c861065b48a49d1be3e3ea98a89b1f801", - "zh:798b66f98cc8d8ff9c6844a8238d2639f951ef3956d412fb438708ba3e4ae9e3", - "zh:943e5f918d3b470fbfb9ea1c8bcc3b97a8218a0842e77a0fdbac0941dd461cdf", + "h1:r9icn1WEZVvEXiy6ZKexLzAPnXkkt+22jJ9WQYPfKB0=", + "zh:0eb4481315564aaeec4905a804fd0df22c40f509ad2af63615eeaa90abacf81c", + "zh:12c3cddc461a8dbaa04387fe83420b64c4c05cb5479d181674168ca7daefcc38", + "zh:1b55a09661e80acf6826faa38dd8fbff24c2ef620d2a0a16918491a222c55370", + "zh:269cb1a406d0cac762bce82119247395a0bbf0d4ad2492fb2ea5653b4f44bc05", + "zh:3bfb78e3345f0c3846e76578952a09fb5dda05d2d73e19473fb0af0000469a66", + "zh:3ead4f4388c7dd78ed198082a981746324da0d7a51460c9b455fd884d86fc82c", + "zh:44906654199991b3f1a21c6a984bc5f9f556ff4baa4e5f77e168968e941c2725", + "zh:4803d050d581b05b0fd0ae5cce95ec1784d66e2bc9da4b1f7663df0ce7914609", + "zh:4cf9fe8fae58b62e83c0672a9c66e0963b7289aaf768a250e9bc44570d82cbd5", + "zh:5bfd7a1fb3116164b411777115dd4b272a68984fa949c687e41a3041318c82f1", + "zh:77cbcf2db512617f10b81e11c20d40fa534ef07163171cbe35214fa8f74b4e85", + "zh:8201cabed01f1434bf9ea7fbcf2a95612a87a0398b870b2643bd1a5119793d2d", + "zh:9aaded4cf36ec2abbe35086733a4510e08819698180b21a9387ba4112aee02e0", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - 
"zh:9e95f017fae84d07d6cd627949715dbe8749d4d819c13c8b0bef1a679a26671b", - "zh:aac7e07599a17fccbdd21b092a7741534af5bec60b492299f2bcd3d7279be4a9", - "zh:c6292faaf05a6dc45e170f67f251aaad9b7e1159b5946219908dd11025f4146b", - "zh:df892b9eca5ecfb3c0a0e829511aea7e6b30f08b862c7fba9de67d2ae9729983", - "zh:fb8c5ff7296d01bf60d983c64f45969ec664a40bdd768d90a35a6afe7df1aeb7", + "zh:f594ef2683a0d23d3a6f0ad6c84a55ed79368c158ee08c2f3b7c41ec446a701f", ] } diff --git a/examples/basic_usage/README.md b/examples/basic_usage/README.md index 7911f68..d806870 100644 --- a/examples/basic_usage/README.md +++ b/examples/basic_usage/README.md @@ -12,33 +12,33 @@ Note that this example may create resources which cost money. Run ## Requirements ## | Name | Version | -|------|---------| +| ---- | ------- | | terraform | ~> 1.1 | | aws | ~> 6.7 | ## Providers ## | Name | Version | -|------|---------| +| ---- | ------- | | aws | ~> 6.7 | ## Modules ## | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | example | ../../ | n/a | ## Resources ## | Name | Type | -|------|------| +| ---- | ---- | | [aws_subnet.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | | [aws_vpc.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | ## Inputs ## | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | ami\_owner\_account\_id | The ID of the AWS account that owns the AMI, or "self" if the AMI is owned by the same account as the provisioner. | `string` | `"self"` | no | | aws\_availability\_zone | The AWS availability zone to deploy into (e.g. a, b, c, etc.). | `string` | `"a"` | no | | aws\_region | The AWS region to deploy into (e.g. us-east-1). | `string` | `"us-east-1"` | no | 
@@ -48,7 +48,7 @@ Note that this example may create resources which cost money. Run ## Outputs ## | Name | Description | -|------|-------------| +| ---- | ----------- | | arn | The EC2 instance ARN. | | availability\_zone | The AZ where the EC2 instance is deployed. | | id | The EC2 instance ID. | diff --git a/requirements.txt b/requirements.txt index 0a8547b..68cbeeb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1 @@ -setuptools -wheel +setuptools>=70.1 diff --git a/setup-env b/setup-env index 89c7603..d3d003c 100755 --- a/setup-env +++ b/setup-env @@ -271,7 +271,7 @@ fi pyenv local "${env_name}" # Upgrade pip and friends -python3 -m pip install --upgrade pip setuptools wheel +python3 -m pip install --upgrade pip setuptools # Find a requirements file (if possible) and install for req_file in "requirements-dev.txt" "requirements-test.txt" "requirements.txt"; do