Merge remote-tracking branch 'skeleton-ansible-role/develop' into lin…

…eage/skeleton

.ansible-lint

@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

.github/workflows/build.yml

@@ -29,7 +29,10 @@ jobs:
       - id: setup-go
         uses: actions/setup-go@v4
         with:
-          go-version: "1.19"
+          # There is no expectation for actual Go code so we disable caching as
+          # it relies on the existence of a go.sum file.
+          cache: false
+          go-version: "1.20"
       - name: Lookup Go cache directory
         id: go-cache
         run: |

.pre-commit-config.yaml

@@ -31,35 +31,54 @@ repos:
 
   # Text file hooks
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.33.0
+    rev: v0.34.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.6
+    rev: v3.0.0-alpha.9-for-vscode
     hooks:
       - id: prettier
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.30.0
+    rev: v1.32.0
     hooks:
       - id: yamllint
         args:
           - --strict
 
   # GitHub Actions hooks
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.22.0
+    rev: 0.23.1
     hooks:
       - id: check-github-actions
       - id: check-github-workflows
 
   # pre-commit hooks
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v3.2.1
+    rev: v3.3.2
     hooks:
       - id: validate_manifest
 
+  # Go hooks
+  - repo: https://github.com/TekWizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+      # Style Checkers
+      - id: go-critic
+      # StaticCheck
+      - id: go-staticcheck-repo-mod
+      # Go Build
+      - id: go-build-repo-mod
+      # Go Mod Tidy
+      - id: go-mod-tidy-repo
+      # Go Test
+      - id: go-test-repo-mod
+      # Go Vet
+      - id: go-vet-repo-mod
+      # GoSec
+      - id: go-sec-repo-mod
+
   # Shell script hooks
   - repo: https://github.com/cisagov/pre-commit-shfmt
     rev: v0.0.2
@@ -90,7 +109,7 @@ repos:
         args:
           - --config=.bandit.yml
   - repo: https://github.com/psf/black
-    rev: 23.1.0
+    rev: 23.3.0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
@@ -104,31 +123,31 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.1.1
+    rev: v1.3.0
     hooks:
       - id: mypy
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+    rev: v3.4.0
     hooks:
       - id: pyupgrade
 
   # Ansible hooks
   - repo: https://github.com/ansible-community/ansible-lint
-    rev: v5.4.0
+    rev: v6.17.0
     hooks:
       - id: ansible-lint
       # files: molecule/default/playbook.yml
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+    rev: v1.80.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
 
   # Docker hooks
   - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.1.1
+    rev: v3.0.1
     hooks:
       - id: docker-compose-check
 

README.md

@@ -107,4 +107,4 @@ with this waiver of copyright interest.
 
 ## Author Information ##
 
-Mark Feldhousen, Jr. - <mark.feldhousen@trio.dhs.gov>
+Mark Feldhousen, Jr. - <mark.feldhousen@gwe.cisa.dhs.gov>

meta/main.yml

@@ -16,24 +16,23 @@ galaxy_info:
   namespace: cisagov
   platforms:
     # Amazon Linux 2023 does not appear to offer ClamAV
-    # - name: Amazon Linux 2023
+    # - name: Amazon Linux
     #   versions:
-    #     - any
+    #     - "2023"
     - name: Debian
       versions:
         - buster
         - bullseye
         - bookworm
     - name: Fedora
       versions:
-        - "36"
         - "37"
+        - "38"
     - name: Kali
       versions:
         - "2023"
     - name: Ubuntu
       versions:
-        - bionic
         - focal
         - jammy
   role_name: clamav

molecule/default/molecule-no-systemd.yml

@@ -10,11 +10,6 @@ dependency:
   name: galaxy
 driver:
   name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-  flake8
 platforms:
   - image: amazonlinux:2023
     name: amazonlinux2023
@@ -31,14 +26,11 @@ platforms:
   - image: kalilinux/kali-rolling
     name: kali
     platform: amd64
-  - image: fedora:36
-    name: fedora36
-    platform: amd64
   - image: fedora:37
     name: fedora37
     platform: amd64
-  - image: ubuntu:bionic
-    name: ubuntu18
+  - image: fedora:38
+    name: fedora38
     platform: amd64
   - image: ubuntu:focal
     name: ubuntu20

molecule/default/molecule-with-systemd.yml

@@ -9,11 +9,6 @@ dependency:
   name: galaxy
 driver:
   name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-  flake8
 platforms:
   # Amazon Linux 2023 doesn't appear to support clamav
   # - cgroupns_mode: host
@@ -61,15 +56,6 @@ platforms:
     privileged: yes
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: geerlingguy/docker-fedora36-ansible:latest
-    name: fedora36-systemd
-    platform: amd64
-    pre_build_image: yes
-    privileged: yes
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
     image: geerlingguy/docker-fedora37-ansible:latest
@@ -81,8 +67,8 @@ platforms:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
-    image: geerlingguy/docker-ubuntu1804-ansible:latest
-    name: ubuntu-18-systemd
+    image: geerlingguy/docker-fedora38-ansible:latest
+    name: fedora38-systemd
     platform: amd64
     pre_build_image: yes
     privileged: yes

molecule/default/upgrade.yml

@@ -2,7 +2,7 @@
 - hosts: all
   name: Upgrade base image
   become: yes
-  become_method: sudo
+  become_method: ansible.builtin.sudo
   tasks:
     - name: Upgrade system packages
       ansible.builtin.include_role:

requirements-test.txt

@@ -8,10 +8,11 @@
 # We need at least version 6 to correctly identify Amazon Linux 2023
 # as using the dnf package manager.
 ansible>=6,<7
-ansible-lint>=5,<6
-flake8
-molecule
+# With the release of molecule v5 there were some breaking changes so
+# we need to pin at v5 or newer. However, v5.0.0 had an internal
+# dependency issue so we must use the bugfix release as the actual
+# lower bound.
+molecule>=5.0.1
 molecule-plugins[docker]
 pre-commit
 pytest-testinfra
-yamllint

setup-env

@@ -65,7 +65,7 @@ done
 eval set -- "$PARAMS"
 
 # Check to see if pyenv is installed
-if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then
+if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then
   echo "pyenv and pyenv-virtualenv are required."
   if [[ "$OSTYPE" == "darwin"* ]]; then
     cat << 'END_OF_LINE'
@@ -186,5 +186,5 @@ else:
 END_OF_LINE
 )"
 
-# Qapla
+# Qapla'
 echo "Success!"

update_molecule_images.sh

@@ -42,4 +42,7 @@ fi
 
 check_dependencies
 
+# Note that we can't use --max-args in place of -n in the xargs
+# command since the version of xargs distributed with macOS does not
+# support it.
 yq '.platforms[].image' < "$source_file" | xargs -n 1 docker pull