Merge pull request #83 from cisagov/lineage/skeleton

⚠️ CONFLICT! Lineage pull request for: skeleton

.ansible-lint

@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

.github/CODEOWNERS

@@ -3,8 +3,8 @@
 # These owners will be the default owners for everything in the
 # repo. Unless a later match takes precedence, these owners will be
 # requested for review when someone opens a pull request.
-* @dav3r @jsf9k @mcdonnnj
+* @dav3r @jasonodoom @jsf9k @mcdonnnj
 
 # These folks own any files in the .github directory at the root of
 # the repository and any of its subdirectories.
-/.github/ @dav3r @felddy @jsf9k @mcdonnnj
+/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj

.github/workflows/build.yml

@@ -51,13 +51,16 @@ jobs:
       - id: setup-python
         uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       # We need the Go version and Go cache location for the actions/cache step,
       # so the Go installation must happen before that.
       - id: setup-go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: "1.19"
+          # There is no expectation for actual Go code so we disable caching as
+          # it relies on the existence of a go.sum file.
+          cache: false
+          go-version: "1.20"
       - name: Lookup Go cache directory
         id: go-cache
         run: |
@@ -117,7 +120,7 @@ jobs:
         run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
+          python -m pip install --upgrade pip setuptools wheel
           pip install --upgrade --requirement requirements-test.txt
       - name: Set up pre-commit hook environments
         run: pre-commit install-hooks
@@ -307,7 +310,7 @@ jobs:
       - id: setup-python
         uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       - name: Cache testing environments
         uses: actions/cache@v3
         env:
@@ -322,7 +325,7 @@ jobs:
             ${{ env.BASE_CACHE_KEY }}
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
+          python -m pip install --upgrade pip setuptools wheel
           pip install --upgrade --requirement requirements-test.txt
       - name: Download docker image artifact
         uses: actions/download-artifact@v3

.pre-commit-config.yaml

@@ -31,35 +31,54 @@ repos:
 
   # Text file hooks
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.33.0
+    rev: v0.34.0
     hooks:
       - id: markdownlint
         args:
           - --config=.mdl_config.yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.4
+    rev: v3.0.0-alpha.9-for-vscode
     hooks:
       - id: prettier
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.29.0
+    rev: v1.32.0
     hooks:
       - id: yamllint
         args:
           - --strict
 
   # GitHub Actions hooks
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.21.0
+    rev: 0.23.1
     hooks:
       - id: check-github-actions
       - id: check-github-workflows
 
   # pre-commit hooks
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v3.0.2
+    rev: v3.3.2
     hooks:
       - id: validate_manifest
 
+  # Go hooks
+  - repo: https://github.com/TekWizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+      # Style Checkers
+      - id: go-critic
+      # StaticCheck
+      - id: go-staticcheck-repo-mod
+      # Go Build
+      - id: go-build-repo-mod
+      # Go Mod Tidy
+      - id: go-mod-tidy-repo
+      # Go Test
+      - id: go-test-repo-mod
+      # Go Vet
+      - id: go-vet-repo-mod
+      # GoSec
+      - id: go-sec-repo-mod
+
   # Shell script hooks
   - repo: https://github.com/cisagov/pre-commit-shfmt
     rev: v0.0.2
@@ -83,7 +102,7 @@ repos:
   # Python hooks
   # Run bandit on the "tests" tree with a configuration
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.4
+    rev: 1.7.5
     hooks:
       - id: bandit
         name: bandit (tests tree)
@@ -92,13 +111,13 @@ repos:
           - --config=.bandit.yml
   # Run bandit on everything except the "tests" tree
   - repo: https://github.com/PyCQA/bandit
-    rev: 1.7.4
+    rev: 1.7.5
     hooks:
       - id: bandit
         name: bandit (everything else)
         exclude: tests
   - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.3.0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
@@ -112,31 +131,31 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.991
+    rev: v1.3.0
     hooks:
       - id: mypy
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+    rev: v3.4.0
     hooks:
       - id: pyupgrade
 
   # Ansible hooks
   - repo: https://github.com/ansible-community/ansible-lint
-    rev: v5.4.0
+    rev: v6.17.0
     hooks:
       - id: ansible-lint
       # files: molecule/default/playbook.yml
 
   # Terraform hooks
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.0
+    rev: v1.80.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
 
   # Docker hooks
   - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.1.1
+    rev: v3.0.1
     hooks:
       - id: docker-compose-check
 

Dockerfile

@@ -37,6 +37,7 @@ RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \
 ###
 ENV DEPS \
     build-essential \
+    cmake \
     curl \
     git \
     libc6-dev \

README.md

@@ -30,7 +30,7 @@ expects the secrets in a different location.
 To run the `cisagov/pshtt_reporter` image via Docker:
 
 ```console
-docker run cisagov/pshtt_reporter:1.2.10
+docker run cisagov/pshtt_reporter:1.2.11
 ```
 
 ### Running with Docker Compose ###
@@ -43,7 +43,7 @@ docker run cisagov/pshtt_reporter:1.2.10
 
     services:
       pshtt_reporter:
-        image: cisagov/pshtt_reporter:1.2.10
+        image: cisagov/pshtt_reporter:1.2.11
         volumes:
           - type: bind
             source: <your_log_dir>
@@ -89,7 +89,7 @@ environment variables.  See the
 
     services:
       pshtt_reporter:
-        image: cisagov/pshtt_reporter:1.2.10
+        image: cisagov/pshtt_reporter:1.2.11
         volumes:
           - type: bind
             source: <your_log_dir>
@@ -126,7 +126,7 @@ environment variables.  See the
 1. Pull the new image:
 
     ```console
-    docker pull cisagov/pshtt_reporter:1.2.10
+    docker pull cisagov/pshtt_reporter:1.2.11
     ```
 
 1. Recreate and run the container by following the [previous instructions](#running-with-docker).
@@ -136,11 +136,11 @@ environment variables.  See the
 The images of this container are tagged with [semantic
 versions](https://semver.org) of the underlying example project that they
 containerize.  It is recommended that most users use a version tag (e.g.
-`:1.2.10`).
+`:1.2.11`).
 
 | Image:tag | Description |
 |-----------|-------------|
-|`cisagov/pshtt_reporter:1.2.10`| An exact release version. |
+|`cisagov/pshtt_reporter:1.2.11`| An exact release version. |
 |`cisagov/pshtt_reporter:1.2`| The most recent release matching the major and minor version numbers. |
 |`cisagov/pshtt_reporter:1`| The most recent release matching the major version number. |
 |`cisagov/pshtt_reporter:edge` | The most recent image built from a merge into the `develop` branch of this repository. |
@@ -204,7 +204,7 @@ Build the image locally using this git repository as the [build context](https:/
 
 ```console
 docker build \
-  --tag cisagov/pshtt_reporter:1.2.10 \
+  --tag cisagov/pshtt_reporter:1.2.11 \
   https://github.com/cisagov/pshtt_reporter.git#develop
 ```
 
@@ -235,7 +235,7 @@ Docker:
       --file Dockerfile-x \
       --platform linux/amd64 \
       --output type=docker \
-      --tag cisagov/pshtt_reporter:1.2.10 .
+      --tag cisagov/pshtt_reporter:1.2.11 .
     ```
 
 ## Contributing ##

requirements-test.txt

@@ -1,4 +1,4 @@
 --requirement requirements.txt
 pre-commit
 pytest
-pytest-dockerc
+python-on-whales

setup-env

@@ -65,7 +65,7 @@ done
 eval set -- "$PARAMS"
 
 # Check to see if pyenv is installed
-if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then
+if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then
   echo "pyenv and pyenv-virtualenv are required."
   if [[ "$OSTYPE" == "darwin"* ]]; then
     cat << 'END_OF_LINE'
@@ -186,5 +186,5 @@ else:
 END_OF_LINE
 )"
 
-# Qapla
+# Qapla'
 echo "Success!"

src/report/generate_https_scan_report.py

@@ -462,7 +462,7 @@ def __score_domain(self, domain):
         score["hosts_with_weak_crypto"] = list()
         for host in domain["hosts_with_weak_crypto"]:
             weak_crypto_list = list()
-            for (wc_key, wc_text) in [
+            for wc_key, wc_text in [
                 ("sslv2", "SSLv2"),
                 ("sslv3", "SSLv3"),
                 ("any_3des", "3DES"),
@@ -761,7 +761,7 @@ def rehydrate_hosts_with_weak_crypto(d):
                 port = d["scanned_port"]
 
                 weak_crypto_list = list()
-                for (wc_key, wc_text) in [
+                for wc_key, wc_text in [
                     ("sslv2", "SSLv2"),
                     ("sslv3", "SSLv3"),
                     ("any_3des", "3DES"),

src/report/graphs.py

@@ -405,7 +405,7 @@ def plot(self, filename, size=1.0):
         # Colorize regions and add dividing lines if region_colors
         # present
         previous_day = 0
-        for (day, bgcolor) in self.region_colors:
+        for day, bgcolor in self.region_colors:
             # draw reference lines
             plt.axvline(x=day, color="#777777", linewidth=0.5)
             ax.annotate(
@@ -491,7 +491,7 @@ def too_close(self, trips):
         """Determine if we are too close."""
         if len(trips) <= 1:
             return False
-        for (inner, outer, wedge) in trips:
+        for inner, outer, wedge in trips:
             if wedge.theta2 - wedge.theta1 < TOO_SMALL_WEDGE:
                 return True
         return False

src/version.txt

@@ -1 +1 @@
-__version__ = "1.2.10"
+__version__ = "1.2.11"

tests/conftest.py

@@ -4,16 +4,25 @@
 """
 # Third-Party Libraries
 import pytest
+from python_on_whales import docker
 
 MAIN_SERVICE_NAME = "pshtt_reporter"
 VERSION_SERVICE_NAME = f"{MAIN_SERVICE_NAME}-version"
 
 
+@pytest.fixture(scope="session")
+def dockerc():
+    """Start up the Docker composition."""
+    docker.compose.up(detach=True)
+    yield docker
+    docker.compose.down()
+
+
 @pytest.fixture(scope="session")
 def main_container(dockerc):
     """Return the main container from the Docker composition."""
     # find the container by name even if it is stopped already
-    return dockerc.containers(service_names=[MAIN_SERVICE_NAME], stopped=True)[0]
+    return dockerc.compose.ps(services=[MAIN_SERVICE_NAME], all=True)[0]
 
 
 # See #45
@@ -24,7 +33,7 @@ def main_container(dockerc):
 #     The version container should just output the version of its underlying contents.
 #     """
 #     # find the container by name even if it is stopped already
-#     return dockerc.containers(service_names=[VERSION_SERVICE_NAME], stopped=True)[0]
+#     return dockerc.compose.ps(services=[VERSION_SERVICE_NAME], all=True)[0]
 
 
 def pytest_addoption(parser):