Merge pull request #1160 from felddy/port/pre-release

Port/pre release

.ansible-lint

@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
   # Useful checks that one must opt-into.  See here for more details:
-  # https://ansible-lint.readthedocs.io/en/latest/rules.html
+  # https://ansible-lint.readthedocs.io/rules/
   - fcqn-builtins
   - no-log-password
   - no-same-owner

.bandit.yml

@@ -3,7 +3,7 @@
 # https://bandit.readthedocs.io/en/latest/config.html
 
 # Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
+# If `tests` is empty, all tests are considered included.
 
 tests:
 # - B101

.github/dependabot.yml

@@ -7,8 +7,8 @@
 
 version: 2
 updates:
-  - package-ecosystem: "docker"
-    directory: "/"
+  - directory: /
+    package-ecosystem: docker
     schedule:
       interval: "daily"
     labels:
@@ -49,8 +49,8 @@ updates:
         patterns:
           - "*"
 
-  - package-ecosystem: "pip"
-    directory: "/"
+  - directory: /
+    package-ecosystem: pip
     schedule:
       interval: "daily"
     labels:

.github/workflows/build.yml

@@ -3,10 +3,13 @@
 name: Build
 
 on:
+  merge_group:
+    types:
+      - checks_requested
+  pull_request:
   push:
     branches:
       - '**'
-  pull_request:
   release:
     types: [edited, published]
   schedule:
@@ -22,6 +25,14 @@ permissions:
   actions: read
   contents: read
 
+# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
+# nounset, errexit, and pipefail. The `-x` will print all commands as they are
+# run. Please see the GitHub Actions documentation for more information:
+# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
+defaults:
+  run:
+    shell: bash -Eueo pipefail -x {0}
+
 jobs:
   diagnostics:
     name: "Diagnostics"

.github/workflows/codeql-analysis.yml

@@ -4,20 +4,22 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
+name: CodeQL
 
 on:
-  push:
-    branches: [develop, develop-prerelease]
+  merge_group:
+    types:
+      - checks_requested
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [develop, develop-prerelease]
+    # The branches here must be a subset of the ones in the push key
+    branches:
+      - develop
+      - develop-prerelease
+  push:
+    # Dependabot triggered push events have read-only access, but uploading code
+    # scanning requires write access.
+    branches-ignore:
+      - dependabot/**
   schedule:
     - cron: '31 7 * * 2'
 
@@ -26,12 +28,18 @@ permissions:
   contents: read
 
 jobs:
+  diagnostics:
+    name: Run Diagnostics
+    uses: felddy/reusable-workflows/.github/workflows/diagnostics.yml@v2
   analyze:
     name: Analyze
+    needs:
+      - diagnostics
     runs-on: ubuntu-latest
     permissions:
-      actions: read
+      # actions/checkout needs this to fetch code
       contents: read
+      # required for all workflows
       security-events: write
 
     strategy:
@@ -54,15 +62,15 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a  # tag=codeql-bundle-v3.28.8
+        uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0  # tag=codeql-bundle-v3.28.9
         with:
           languages: ${{ matrix.language }}
 
       # Autobuild attempts to build any compiled languages (C/C++, C#, or
       # Java). If this step fails, then you should remove it and run the build
       # manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a  # tag=codeql-bundle-v3.28.8
+        uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0  # tag=codeql-bundle-v3.28.9
 
       # ℹ️ Command-line programs to run using the OS shell. 📚
       # https://git.io/JvXDl
@@ -76,4 +84,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a  # tag=codeql-bundle-v3.28.8
+        uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0  # tag=codeql-bundle-v3.28.9

.github/workflows/scorecards.yml

@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a  # tag=codeql-bundle-v3.28.8
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0  # tag=codeql-bundle-v3.28.9
         with:
           sarif_file: results.sarif

.github/workflows/sync-labels.yml

@@ -4,14 +4,20 @@ name: sync-labels
 on:
   push:
     paths:
-      - '.github/labels.yml'
-      - '.github/workflows/sync-labels.yml'
+      - .github/labels.yml
+      - .github/workflows/sync-labels.yml
+  workflow_dispatch:
 
 permissions:
   contents: read
 
 jobs:
+  diagnostics:
+    name: Run Diagnostics
+    uses: felddy/reusable-workflows/.github/workflows/diagnostics.yml@v2
   labeler:
+    needs:
+      - diagnostics
     permissions:
       # actions/checkout needs this to fetch code
       contents: read