Merge pull request #40 from cisagov/lineage/skeleton

⚠️ CONFLICT! Lineage pull request for: skeleton

.ansible-lint

@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

.github/workflows/build.yml

@@ -30,7 +30,10 @@ jobs:
       - id: setup-go
         uses: actions/setup-go@v4
         with:
-          go-version: "1.19"
+          # There is no expectation for actual Go code so we disable caching as
+          # it relies on the existence of a go.sum file.
+          cache: false
+          go-version: "1.20"
       - name: Lookup Go cache directory
         id: go-cache
         run: |

.pre-commit-config.yaml

@@ -31,35 +31,54 @@ repos:
 
   # Text file hooks
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.33.0
+    rev: v0.34.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.6
+    rev: v3.0.0-alpha.9-for-vscode
     hooks:
       - id: prettier
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.30.0
+    rev: v1.32.0
     hooks:
       - id: yamllint
         args:
           - --strict
 
   # GitHub Actions hooks
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.22.0
+    rev: 0.23.1
     hooks:
       - id: check-github-actions
       - id: check-github-workflows
 
   # pre-commit hooks
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v3.2.1
+    rev: v3.3.2
     hooks:
       - id: validate_manifest
 
+  # Go hooks
+  - repo: https://github.com/TekWizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+      # Style Checkers
+      - id: go-critic
+      # StaticCheck
+      - id: go-staticcheck-repo-mod
+      # Go Build
+      - id: go-build-repo-mod
+      # Go Mod Tidy
+      - id: go-mod-tidy-repo
+      # Go Test
+      - id: go-test-repo-mod
+      # Go Vet
+      - id: go-vet-repo-mod
+      # GoSec
+      - id: go-sec-repo-mod
+
   # Shell script hooks
   - repo: https://github.com/cisagov/pre-commit-shfmt
     rev: v0.0.2
@@ -98,7 +117,7 @@ repos:
         name: bandit (everything else)
         exclude: tests
   - repo: https://github.com/psf/black
-    rev: 23.1.0
+    rev: 23.3.0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
@@ -112,31 +131,31 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.1.1
+    rev: v1.3.0
     hooks:
       - id: mypy
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+    rev: v3.4.0
     hooks:
       - id: pyupgrade
 
   # Ansible hooks
   - repo: https://github.com/ansible-community/ansible-lint
-    rev: v5.4.0
+    rev: v6.17.0
     hooks:
       - id: ansible-lint
       # files: molecule/default/playbook.yml
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+    rev: v1.80.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
 
   # Docker hooks
   - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.1.1
+    rev: v3.0.1
     hooks:
       - id: docker-compose-check
 

setup-env

@@ -65,7 +65,7 @@ done
 eval set -- "$PARAMS"
 
 # Check to see if pyenv is installed
-if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then
+if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then
   echo "pyenv and pyenv-virtualenv are required."
   if [[ "$OSTYPE" == "darwin"* ]]; then
     cat << 'END_OF_LINE'
@@ -186,5 +186,5 @@ else:
 END_OF_LINE
 )"
 
-# Qapla
+# Qapla'
 echo "Success!"

src/assessor_workbench.yml

@@ -2,13 +2,13 @@
 - hosts: all
   name: Install and configure Assessor Workbench Docker composition
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install Assessor Workbench
       ansible.builtin.include_role:
         name: assessor_workbench
       vars:
-        bucket_name: "{{ build_bucket }}"
+        assessor_workbench_bucket_name: "{{ build_bucket }}"
     - name: Pull in all Docker images needed for Assessor Workbench
       block:
         # Both steps in this block are needed in order to pull in all of the
@@ -17,6 +17,8 @@
           ansible.builtin.command:
             chdir: "{{ assessor_workbench_dir }}"
             cmd: "{{ assessor_workbench_dir }}/run.py pull"
+          changed_when: run_py_pull == 0
+          register: run_py_pull
         # The community.docker.docker_compose module exists, but it
         # only supports docker-compose and not the Docker Compose
         # plugin (i.e., docker compose).  Ansible may offer more
@@ -25,6 +27,9 @@
           ansible.builtin.command:
             chdir: "{{ assessor_workbench_dir }}"
             cmd: docker compose pull
+          changed_when: docker_compose_pull.rc == 0
+          failed_when: docker_compose_pull.rc != 0
+          register: docker_compose_pull
     # We use cloud-init scripts in cisagov/cool-assessment-terraform to
     # set Docker's backing file system to a persistent volume.  It would
     # cause problems if the Docker service were to start before cloud-init

src/aws.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: AWS-specific roles
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install Amazon EFS utilities
       ansible.builtin.include_role:
@@ -11,7 +11,7 @@
         # Note that we use the same GID for the efs_users group on all
         # instances.  This helps us avoid UID/GID collisions with
         # files written to the EFS share.
-        efs_users_gid: 2048
+        amazon_efs_utils_efs_users_gid: 2048
     - name: Install Amazon SSM Agent
       ansible.builtin.include_role:
         name: amazon_ssm_agent

src/base.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: Setup base image
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install and configure automated security updates
       ansible.builtin.include_role:

src/cloud_init.yml

@@ -4,7 +4,7 @@
 - hosts: all
   name: Enable all cloud-init services
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Enable all cloud-init services
       ansible.builtin.service:

src/extras.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: Various extras to configure the environment for operators
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install extra software used by operators
       ansible.builtin.package:

src/python.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: Install pip3/python3 and remove pip2/python2
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     # If pip were to be installed first, then the OS _could_ pull
     # different Python packages than what would be installed via the

src/requirements.yml

@@ -29,7 +29,7 @@
   src: https://github.com/cisagov/ansible-role-remove-python2
 - name: upgrade
   src: https://github.com/cisagov/ansible-role-upgrade
-- name: vnc
+- name: vnc_server
   src: https://github.com/cisagov/ansible-role-vnc-server
 - name: xfce_cool
   src: https://github.com/cisagov/ansible-role-xfce-cool

src/upgrade.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: Upgrade base image
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Upgrade all packages
       ansible.builtin.include_role:

src/version.txt

@@ -1 +1 @@
-__version__ = "0.0.7"
+__version__ = "0.0.8"

src/vnc.yml

@@ -2,25 +2,27 @@
 - hosts: all
   name: Install VNC
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install VNC
       ansible.builtin.include_role:
-        name: vnc
+        name: vnc_server
       vars:
         # The user information and ssh keys for the VNC user
-        password: "{{ lookup('aws_ssm', '/vnc/password') }}"
-        private_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }}"
-        public_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }}"
-        user_groups:
+        vnc_server_password: "{{ lookup('aws_ssm', '/vnc/password') }}"
+        vnc_server_private_ssh_key: |-
+          {{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }}
+        vnc_server_public_ssh_key: |-
+          {{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }}
+        vnc_server_user_groups:
           # Note that this means that the aws.yml playbook _must_ run
           # before this one, so that the efs_users group has been
           # created.
           - efs_users
         # Note that we use the same UID for the VNC and Samba guest
         # users on all instances.  This helps us avoid UID/GID
         # collisions with files written to the EFS share.
-        user_uid: 2048
+        vnc_server_user_uid: 2048
     - name: Ensure wheel group exists
       ansible.builtin.group:
         name: wheel
@@ -35,7 +37,7 @@
         append: yes
         groups:
           - wheel
-        name: "{{ username }}"
+        name: "{{ vnc_server_username }}"
   vars:
     # The username for the VNC user
-    username: "{{ lookup('aws_ssm', '/vnc/username') }}"
+    vnc_server_username: "{{ lookup('aws_ssm', '/vnc/username') }}"

src/xfce.yml

@@ -2,13 +2,13 @@
 - hosts: all
   name: Install Xfce
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Install Xfce for the COOL
       ansible.builtin.include_role:
         name: xfce_cool
       vars:
         # The users for whom a symlink to the COOL file share should
         # be created
-        usernames:
+        xfce_cool_usernames:
           - "{{ lookup('aws_ssm', '/vnc/username') }}"