Update checklist, template package.json, design and business templates (#3)

* Update checklist, template package.json, design and business templates

* Update pre-commit. Add check for pattern shell script. Update github actions to node20

* revert to ubuntu

* Update actions versions

* update version

* version

* update python v

* pre-commit update

* try py 3.10

* try py 3.12

* test

* 310

* test

* test

* test

* test

* test

Author: evanharmon1

.github/workflows/security.yaml

@@ -9,7 +9,7 @@ jobs:
       - uses: actions/checkout@v3
       # E.g., to check for my `~/Local/.secret` file
       - name: Custom check for secret files
-        run: ./osConfig/shell/bin/check_for_pattern.sh . "*secret*"
+        run: ./check_for_pattern.sh . "*secret*"
       - name: Install Whispers
         run: sudo pip install whispers
       # Use whispers to check repo for unecrypted secrets, passwords, etc.

.github/workflows/validate.yaml

@@ -9,7 +9,6 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
         with:
-          python-version: 3.x
-      - uses: pre-commit/[email protected]
-      - uses: pre-commit-ci/[email protected]
-        if: always()
+          python-version: 3.9
+      - uses: pre-commit/[email protected]
+      - uses: pre-commit-ci/[email protected]

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -12,7 +12,7 @@ repos:
       - id: check-merge-conflict
       - id: check-shebang-scripts-are-executable
         exclude: "^(codeTemplates/|tempalte/|{% if code_templates %}codeTemplates{% endif %}/)"
-      - id: check-symlinks
+      # - id: check-symlinks # I needed to disable since I use symbolic links to files outside my repo which will cause the CI check to fail.
       - id: check-toml
       - id: check-xml
       - id: debug-statements
@@ -22,11 +22,11 @@ repos:
       - id: mixed-line-ending
       - id: no-commit-to-branch
   - repo: https://github.com/psf/black
-    rev: 22.10.0
+    rev: 24.10.0
     hooks:
       - id: black
   - repo: https://github.com/detailyang/pre-commit-shell
-    rev: v1.0.6
+    rev: 1.0.5
     hooks:
       - id: shell-lint
         args:
@@ -38,21 +38,26 @@ repos:
             --severity=error,
           ]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.81.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
       - id: terraform_checkov
       - id: infracost_breakdown
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.26.0
+    rev: v1.35.1
     hooks:
       - id: yamllint
         language_version: python3.9
-  - repo: https://github.com/ansible/ansible-lint
-    rev: v6.17.2
-    hooks:
-      - id: ansible-lint
+  # - repo: https://github.com/ansible/ansible-lint
+  #   rev: v24.9.2
+  #   hooks:
+  #     - id: ansible-lint
+  #       entry: python3 -m ansiblelint -v --force-color
+  #       language: python
+  #       # do not pass files to ansible-lint, see:
+  #       # https://github.com/ansible/ansible-lint/issues/611
+  #       pass_filenames: false
 ci:
   autofix_commit_msg: |
     [pre-commit.ci] auto fixes from pre-commit.com hooks

Taskfile.yml

@@ -14,14 +14,17 @@ tasks:
   validate:
     cmds:
       - pre-commit run --all-files
-      - task: snyk
       # - shellcheck osConfig/mac/updateMac.sh
       # - shellcheck osConfig/mac/setupMac.sh
       # - shellcheck osConfig/mac/configureMacSettings.sh
     silent: true
+  pre-commit:
+    cmds:
+      - pre-commit run --all-files
+    silent: true
   security:
     cmds:
-      - utils/check_for_pattern.sh "secret" #TODO: Add this script
+      - ./check_for_pattern.sh . "*secret*"
       - whispers --config test/whisperConfig.yml --severity BLOCKER,CRITICAL .
       - task: snyk
     silent: true

check_for_pattern.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+ #==============================================================================
+ #                       check_for_pattern
+ #==============================================================================
+# Check specified directory recursively for given pattern.
+# You can use regex patterns like "*pattern*"
+# Returns exit 1 if anything was found.
+# Author: Evan Harmon
+
+# -iname makes find case-insensitive
+check() {
+  echo "Searching in: $1"
+  if [[ $(find "$1" -iname $2) ]]; then
+    echo -e "\033[0;31m  $2 found!  \033[0m"
+    exit 1
+  else
+    echo -e "\033[1;32m  $2 was not found.  \033[0m"
+    exit 0
+  fi
+}
+
+# Parse CLI input
+if [ $# -eq 0 ]; then
+  echo "usage: check_for 'location' 'search text'"
+  exit 0
+elif [[ $2 == "help" || $2 == "--help" || $2 == "-h" ]]; then
+echo "usage: check_for 'location' 'search text'"
+  exit 0
+else
+  check "$1" "$2"
+fi

template/Taskfile.yml.jinja

@@ -21,7 +21,7 @@ tasks:
     silent: true
   security:
     cmds:
-      - utils/check_for_pattern.sh "secret" #TODO: Add this script
+      - ./check_for_pattern.sh "secret"
       - whispers --config test/whisperConfig.yml --severity BLOCKER,CRITICAL .
       - task: snyk
     silent: true

template/check_for_pattern.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+ #==============================================================================
+ #                       check_for_pattern
+ #==============================================================================
+# Check specified directory recursively for given pattern.
+# You can use regex patterns like "*pattern*"
+# Returns exit 1 if anything was found.
+# Author: Evan Harmon
+
+# -iname makes find case-insensitive
+check() {
+  echo "Searching in: $1"
+  if [[ $(find "$1" -iname $2) ]]; then
+    echo -e "\033[0;31m  $2 found!  \033[0m"
+    exit 1
+  else
+    echo -e "\033[1;32m  $2 was not found.  \033[0m"
+    exit 0
+  fi
+}
+
+# Parse CLI input
+if [ $# -eq 0 ]; then
+  echo "usage: check_for 'location' 'search text'"
+  exit 0
+elif [[ $2 == "help" || $2 == "--help" || $2 == "-h" ]]; then
+echo "usage: check_for 'location' 'search text'"
+  exit 0
+else
+  check "$1" "$2"
+fi

template/docs/CHECKLIST.md.jinja

@@ -25,4 +25,5 @@
   - Setup pre-commit
   - CI/CD
   - Add branch protection to main branch (prevent direct pushes to main)
+    - As of 2024 - GitHub doesn't let you setup branch protection on a private repo without being on a paid plan.
 - [ ] Testing Setup

template/package.json.jinja

@@ -3,7 +3,18 @@
   "version": "0.0.1",
   "description": "{{ project_description }}",
   "scripts": {
-    "start": "todo"
+    "start": "TODO: define npm command",
+    "dev": "TODO: define npm command",
+    "build": "TODO: define npm command",
+    "preview": "TODO: define npm command",
+    "deploy:staging": "TODO: define npm command",
+    "deploy:prod": "TODO: define npm command",
+    "check": "TODO: define npm command",
+    "check:eslint": "eslint .",
+    "check:prettier": "prettier --check .",
+    "fix": "npm run fix:eslint && npm run fix:prettier",
+    "fix:eslint": "eslint --fix .",
+    "fix:prettier": "prettier -w ."
   },
   "devDependencies": {
     "eslint": "^8.0.0",