update template (#17)

Author: evanharmon1

Taskfile.yml

@@ -31,6 +31,7 @@ tasks:
   snyk:
     cmds:
       - snyk test --file=requirements.txt
+      - snyk test --file=package.json
     silent: true
   ghReleaseInit:
     cmds:

secret

@@ -0,0 +1,70 @@
+name: Bump Release Version
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  bump-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # Fetch all history for versioning
+
+      - name: Get Latest Tag
+        id: get_latest_tag
+        run: |
+          LATEST_TAG=$(git tag --sort=-version:refname | head -n1)
+          echo "LATEST_TAG=${LATEST_TAG}" >> $GITHUB_ENV
+
+      - name: Get Current Version
+        id: get_current_version
+        run: |
+          VERSION=${{ env.LATEST_TAG }}
+          VERSION=${VERSION#v}
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+
+      - name: Split Version into Components
+        id: split_version
+        run: |
+          MAJOR=$(echo "${{ env.VERSION }}" | cut -d. -f1)
+          MINOR=$(echo "${{ env.VERSION }}" | cut -d. -f2)
+          PATCH=$(echo "${{ env.VERSION }}" | cut -d. -f3)
+          echo "MAJOR=${MAJOR}" >> $GITHUB_ENV
+          echo "MINOR=${MINOR}" >> $GITHUB_ENV
+          echo "PATCH=${PATCH}" >> $GITHUB_ENV
+
+      - name: Calculate New Patch Version
+        id: calculate_new_patch_version
+        run: |
+          NEW_PATCH=$(( ${{ env.PATCH }} + 1 ))
+          echo "NEW_PATCH=${NEW_PATCH}" >> $GITHUB_ENV
+
+      - name: Set New Version
+        id: set_new_version
+        run: |
+          NEW_VERSION="v${{ env.MAJOR }}.${{ env.MINOR }}.${{ env.NEW_PATCH }}"
+          echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV
+
+      - name: Display Version Info
+        run: |
+          echo "Latest tag is ${{ env.LATEST_TAG }}"
+          echo "Current version is ${{ env.VERSION }}"
+          echo "Bumping patch version to ${{ env.NEW_VERSION }}"
+
+      - name: Create New Git Tag
+        run: |
+          git tag "${{ env.NEW_VERSION }}"
+          git push origin "${{ env.NEW_VERSION }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create GitHub Release
+        run: |
+          gh release create "${{ env.NEW_VERSION }}" --generate-notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

template/.github/{% if ci_cd == 'github_actions' %}workflows{% endif %}/release.yml

@@ -9,7 +9,7 @@ jobs:
       - uses: actions/checkout@v3
       # E.g., to check for my `~/Local/.secret` file
       - name: Custom check for secret files
-        run: ./osConfig/shell/bin/check_for_pattern.sh . "*secret*"
+        run: ./check_for_pattern.sh . "*secret*"
       - name: Install Whispers
         run: sudo pip install whispers
       # Use whispers to check repo for unecrypted secrets, passwords, etc.

template/.github/{% if ci_cd == 'github_actions' %}workflows{% endif %}/security.yaml renamed to template/.github/{% if ci_cd == 'github_actions' %}workflows{% endif %}/security.yml

@@ -9,7 +9,6 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
         with:
-          python-version: 3.x
-      - uses: pre-commit/[email protected]
-      - uses: pre-commit-ci/[email protected]
-        if: always()
+          python-version: 3.9
+      - uses: pre-commit/[email protected]
+      - uses: pre-commit-ci/[email protected]

template/.github/{% if ci_cd == 'github_actions' %}workflows{% endif %}/validate.yaml renamed to template/.github/{% if ci_cd == 'github_actions' %}workflows{% endif %}/validate.yml

@@ -1,19 +1,18 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
       - id: trailing-whitespace
         args: [--markdown-linebreak-ext=md]
       - id: check-case-conflict
       - id: check-executables-have-shebangs
-        exclude: '\.go$'
       - id: check-json
       - id: check-merge-conflict
       - id: check-shebang-scripts-are-executable
         exclude: "^(codeTemplates/|tempalte/|{% if code_templates %}codeTemplates{% endif %}/)"
-      - id: check-symlinks
+      # - id: check-symlinks # I needed to disable since I use symbolic links to files outside my repo which will cause the CI check to fail.
       - id: check-toml
       - id: check-xml
       - id: debug-statements
@@ -23,11 +22,11 @@ repos:
       - id: mixed-line-ending
       - id: no-commit-to-branch
   - repo: https://github.com/psf/black
-    rev: 22.10.0
+    rev: 24.10.0
     hooks:
       - id: black
   - repo: https://github.com/detailyang/pre-commit-shell
-    rev: v1.0.6
+    rev: 1.0.5
     hooks:
       - id: shell-lint
         args:
@@ -39,21 +38,26 @@ repos:
             --severity=error,
           ]
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.81.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
       - id: terraform_checkov
       - id: infracost_breakdown
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.26.0
+    rev: v1.35.1
     hooks:
       - id: yamllint
         language_version: python3.9
   - repo: https://github.com/ansible/ansible-lint
-    rev: v6.17.2
+    rev: v6.22.2
     hooks:
       - id: ansible-lint
+        entry: python3 -m ansiblelint -v --force-color
+        language: python
+        # do not pass files to ansible-lint, see:
+        # https://github.com/ansible/ansible-lint/issues/611
+        pass_filenames: false
 ci:
   autofix_commit_msg: |
     [pre-commit.ci] auto fixes from pre-commit.com hooks

template/.pre-commit-config.yaml

@@ -4,6 +4,9 @@
 [{{ project_name }}]({{ project_url }})
 Author: {{ author_full_name }}
 
+[![Validate](https://github.com/{{ author_git_provider_username }}/{{ project_slug }}/actions/workflows/validate.yml/badge.svg)](https://github.com/{{ author_git_provider_username }}/{{ project_slug }}/actions/workflows/validate.yml)
+[![Security](https://github.com/{{ author_git_provider_username }}/{{ project_slug }}/actions/workflows/security.yml/badge.svg)](https://github.com/{{ author_git_provider_username }}/{{ project_slug }}/actions/workflows/security.yml)
+
 ## Setup & Installation
 
 ### Requirements

template/README.md.jinja

@@ -14,14 +14,17 @@ tasks:
   validate:
     cmds:
       - pre-commit run --all-files
-      - task: snyk
       # - shellcheck osConfig/mac/updateMac.sh
       # - shellcheck osConfig/mac/setupMac.sh
       # - shellcheck osConfig/mac/configureMacSettings.sh
     silent: true
+  pre-commit:
+    cmds:
+      - pre-commit run --all-files
+    silent: true
   security:
     cmds:
-      - ./check_for_pattern.sh "secret"
+      - ./check_for_pattern.sh . "*secret*"
       - whispers --config test/whisperConfig.yml --severity BLOCKER,CRITICAL .
       - task: snyk
     silent: true
@@ -82,7 +85,7 @@ tasks:
       - echo "Bumping minor version to {{.NEW_VERSION}}"
       - git tag {{.NEW_VERSION}}
       - git push origin {{.NEW_VERSION}}
-      - gh release create
+      - gh release create {{.NEW_VERSION}} --generate-notes
   vBumpMajor:
     desc: Bump to the next major version
     vars:
@@ -100,8 +103,8 @@ tasks:
       - echo "Current version is {{.VERSION}}"
       - echo "Bumping major version to {{.NEW_VERSION}}"
       - git tag {{.NEW_VERSION}}
-      - git push origin {{.NEW_VERSION}}{% endraw %}
-      - gh release create
+      - git push origin {{.NEW_VERSION}}
+      - gh release create{% endraw %}
   bunchAdd:
     cmds:
       - mv '.meta/Code Project - {{ project_name }}.bunch' '{{ bunches_directory }}/'