Merge pull request #1 from remerge/create-role

create role
remerge · Dec 20, 2023 · 47647c2 · 47647c2
2 parents 16f75a8 + c4dcc2c
commit 47647c2
Show file tree

Hide file tree

Showing 34 changed files with 2,805 additions and 0 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,22 @@
+---
+profile: production
+
+exclude_paths:
+  - .ansible/collections
+  - .ansible/roles
+  - .cache
+  - .github
+  - .tox
+  - meta/preferences.yml
+  - molecule/default/collections.yml
+  - molecule/default/converge.yml
+  - molecule/default/defaults.yml
+  - molecule/default/prepare.yml
+  - molecule/default/verify.yml
+  - requirements.yml
+
+skip_list:
+  - meta-no-info
+  - template-instead-of-copy
+  - var-naming[no-role-prefix]
+  - yaml[comments-indentation]
diff --git a/.checkov.yml b/.checkov.yml
@@ -0,0 +1,31 @@
+---
+quiet: true
+compact: false
+
+skip-check:
+  # https://github.com/bridgecrewio/checkov/issues/5286
+  - CKV_TF_1
+  # do not enforce Customer Supplied Encryption Keys (CSEK)
+  - CKV_GCP_37
+  - CKV_GCP_38
+  - CKV_GCP_80
+  - CKV_GCP_81
+  - CKV_GCP_83
+  - CKV_GCP_84
+  - CKV_GCP_85
+  - CKV_GCP_90
+  - CKV_GCP_91
+  - CKV_GCP_93
+  # do not enforce vpc flow logs
+  - CKV_GCP_26
+  - CKV_GCP_61
+  # restricted default service account is ok
+  - CKV_GCP_30
+  # do not enforce bucket access log
+  - CKV_GCP_62
+  # do not enforce bucket object versioning
+  - CKV_GCP_78
+  # we want serial port console access
+  - CKV_GCP_35
+  # base64 high entropy check causes too many false positives
+  - CKV_SECRET_6
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -0,0 +1,10 @@
+---
+# Changes here will be overwritten by Copier
+_commit: v2.7.1
+_src_path: gh:remerge/template
+project_id: ansible-role-consul-template
+project_license: apache-2.0
+project_name: Ansible role for Consul-template
+project_owner: core
+project_type: ansible-role
+use_python: true
diff --git a/.envrc b/.envrc
@@ -0,0 +1,43 @@
+# Turns on shell execution strictness. This will force the .envrc
+# evaluation context to exit immediately if:
+#
+# - any command in a pipeline returns a non-zero exit status that is
+#   not otherwise handled as part of `if`, `while`, or `until` tests,
+#   return value negation (`!`), or part of a boolean (`&&` or `||`)
+#   chain.
+# - any variable that has not explicitly been set or declared (with
+#   either `declare` or `local`) is referenced.
+strict_env
+
+# Loads a ".env" file into the current environment
+dotenv_if_exists "${PWD}"/../.env
+dotenv_if_exists "${PWD}"/.env
+
+# Add local scripts to PATH
+PATH_add "${PWD}/bin"
+
+# Enforce correct 1Password account
+export OP_ACCOUNT=remerge.1password.com
+
+# Disable macOS fork safety for Python compatibility
+# https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#running-on-macos
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+
+# Make sure ansible-pylibssh can be compiled on macOS
+if [[ -e /opt/homebrew/opt/libssh ]]; then
+    export LDFLAGS="-L/opt/homebrew/opt/libssh/lib"
+    export CPPFLAGS="-I/opt/homebrew/opt/libssh/include"
+fi
+
+# Load poetry virtual env
+if [[ ! -d "${PWD}/.venv" ]]; then
+    # link the poetry virtualenv to .venv for other tools to use
+    ln -nfs "$(poetry run poetry env info -p)" "${PWD}/.venv"
+fi
+
+export POETRY_ACTIVE=1
+export VIRTUAL_ENV="${PWD}/.venv"
+PATH_add "${VIRTUAL_ENV}/bin"
+
+# shellcheck disable=SC2155
+export PYTHON_SITE_DIR=$(echo "${VIRTUAL_ENV}"/lib/*/site-packages)
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,2 @@
+[flake8]
+ignore = E501
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# By default all files are owned by the project owner
+* @remerge/core
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
@@ -0,0 +1,8 @@
+---
+self-hosted-runner:
+  labels:
+    - generic
+    - self-hosted
+    - nomad
+    - docker
+    - default
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,50 @@
+---
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [main, master]
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install poetry
+        uses: snok/install-poetry@v1
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "poetry"
+
+      - name: Load envrc
+        uses: HatsuneMiku3939/direnv-action@v1
+
+      - name: Setup pre-commit
+        run: python -m pip install pre-commit
+
+      - name: Install project dependencies
+        run: make install
+
+      - name: Run pre-commit checks
+        uses: pre-commit/[email protected]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# By default all files are owned by the project owner
		* @remerge/core