yamlfmt

.github/workflows/publish.yaml

@@ -1,5 +1,4 @@
 name: CI Test and Publish Workflow
-
 on:
   push:
     branches: [main]
@@ -16,7 +15,6 @@ env:
   IMAGE_NAME: ${{ github.repository }}
   DOCKER_BUILDKIT: "1"
   TERM: linux
-
 jobs:
   security:
     strategy:

.pre-commit-config.yaml

@@ -6,57 +6,74 @@
 #
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
+default_stages:
+  - pre-commit
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
-    hooks:
-    -   id: trailing-whitespace
-    -   id: end-of-file-fixer
-    -   id: check-yaml
-        args: [--allow-multiple-documents]
-    -   id: check-added-large-files
-- repo: https://github.com/myint/autoflake
-  rev: v2.2.1
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v6.0.0
   hooks:
-    - id: autoflake
-      args:
-        - --in-place
-        - --remove-unused-variables
-        - --remove-all-unused-imports
--   repo: https://github.com/psf/black
-    rev: 23.11.0
-    hooks:
-    -   id: black
-- repo: https://github.com/pycqa/isort
-  rev: 5.12.0
+  # Manage spaces.
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-added-large-files
+  - id: check-symlinks
+  - id: mixed-line-ending
+    args: [--fix=lf]
+  # Check file syntax/format
+  - id: check-xml
+  - id: check-json
+  - id: check-yaml
+    args: [--allow-multiple-documents]
+  # Security checks.
+  - id: detect-private-key
+  - id: detect-aws-credentials
+    args:
+    # See https://github.com/pre-commit/pre-commit-hooks/issues/174
+    - --allow-missing-credentials
+- repo: https://github.com/google/yamlfmt
+  rev: v0.21.0
   hooks:
-    - id: isort
-      name: isort (python)
-      # Use black profile for isort to avoid conflicts
-      #   see https://github.com/PyCQA/isort/issues/1518
-      args: ["--profile", "black"]
-    - id: isort
-      name: isort (cython)
-      types: [cython]
-    - id: isort
-      name: isort (pyi)
-      types: [pyi]
-- repo: https://github.com/pycqa/flake8
-  rev: 6.1.0
+  - id: yamlfmt
+    files: \.(yaml|yml)$
+    exclude: 'config\.yaml'
+#
+# Python linters.
+#
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  # Ruff version.
+  rev: v0.14.13
+  hooks:
+  # Run the linter.
+  - id: ruff
+    args: [--fix]
+    files: ^python-high-school/
+    exclude: ^ansible-101/|python-for-sysadmin|\.ipynb$
+  - # Run the formatter.
+    id: ruff-format
+    files: ^python-high-school/
+    exclude: ^ansible-101/|python-for-sysadmin|\.ipynb$
+- repo: https://github.com/pre-commit/mirrors-mypy
+  rev: v1.19.1
   hooks:
-  - id: flake8
-- repo: https://github.com/PyCQA/bandit
-  rev: 1.7.5
+  - id: mypy
+    additional_dependencies: [types-PyYAML]
+    exclude: ^tests/
+#
+# Security linters.
+#
+- repo: https://github.com/bridgecrewio/checkov.git
+  rev: 3.2.497  # change to tag or sha
   hooks:
-    - id: bandit
-      name: bandit
-      args: ["-c", ".bandit.yaml"]
-      description: 'Bandit is a tool for finding common security issues in Python code'
-      entry: bandit
-      language: python
-      language_version: python3
-      types: [python]
-- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
-  rev: v1.3.2
+  - id: checkov
+  - id: checkov_secrets
+    stages: ["pre-push"]
+- repo: local
   hooks:
-    - id: python-safety-dependencies-check
+  - id: trufflehog
+    name: TruffleHog
+    description: Detect secrets in your data.
+    entry: bash -c 'docker run --rm -v "$(pwd):/workdir" -i --rm
+      trufflesecurity/trufflehog:latest git file:///workdir --since-commit
+      HEAD --results=verified,unknown --fail'
+    language: system
+    stages: ["pre-push"]

.travis.yml

@@ -1,8 +1,7 @@
 language: python
 python:
-    - 2.7
-    - 3.3
-
+  - 2.7
+  - 3.3
 # Setup anaconda
 before_install:
   - wget http://repo.continuum.io/miniconda/Miniconda-latest-Linux-x86_64.sh -O miniconda.sh
@@ -18,7 +17,6 @@ before_install:
 install:
   - conda install --yes python=$TRAVIS_PYTHON_VERSION atlas numpy scipy matplotlib nose dateutil pandas statsmodels conda-env
   - conda install --yes python=$TRAVIS_PYTHON_VERSION $(python-for-sysadmin/requirements.txt)
-
 # Run test
 script:
-    - nosetests
+  - nosetests

ansible-101/deleteme-digitalocean.yml

@@ -12,15 +12,15 @@
 - hosts: localhost
   gather_facts: false
   tasks:
-  - name: Delete machine for the course.
-    community.digitalocean.digital_ocean_droplet:
-      state: absent
-      name: "{{item}}"
-      unique_name: yes
-      region: fra1
-      image: docker-18-04
-      wait_timeout: 500
-    register: my_droplet
-    with_items:
-    - deleteme-1
-    - deleteme-2
+    - name: Delete machine for the course.
+      community.digitalocean.digital_ocean_droplet:
+        state: absent
+        name: "{{item}}"
+        unique_name: yes
+        region: fra1
+        image: docker-18-04
+        wait_timeout: 500
+      register: my_droplet
+      with_items:
+        - deleteme-1
+        - deleteme-2

ansible-101/docker-compose.yml

@@ -2,66 +2,58 @@
 version: "2"
 services:
   dev:
-      build: .
-      hostname: sysadminpy
-      environment:
+    build: .
+    hostname: sysadminpy
+    environment:
       - USE_HTTP=1
       - PASSWORD=secret
-      ports:
+    ports:
       - 8888:8888
-      volumes:
+    volumes:
       - ./notebooks:/notebooks:z
       - ./notebooks/custom.css:/root/.jupyter/custom/custom.css
       - .:/code:z
-      network_mode: bridge
-      entrypoint: /bin/sh
-      command: -c "/usr/local/bin/jupyter-notebook --ip 0.0.0.0 --allow-root"
-
-
+    network_mode: bridge
+    entrypoint: /bin/sh
+    command: -c "/usr/local/bin/jupyter-notebook --ip 0.0.0.0 --allow-root"
   test:
-      image: ioggstream/python-course
-      volumes:
+    image: ioggstream/python-course
+    volumes:
       - ./notebooks:/notebooks:z
       # entrypoint: tail -f /etc/hosts
-
-
   # Official image from docker hub
   course:
-      image: ghcr.io/ioggstream/python-course:python27
-      user: root
-      environment:
+    image: ghcr.io/ioggstream/python-course:python27
+    user: root
+    environment:
       - USE_HTTP=1
       - DOCKER_HOST=172.17.0.1
       - SHELL=/bin/bash
-      volumes:
+    volumes:
       - ./notebooks:/notebooks:z
       - ./notebooks/custom.css:/root/.jupyter/custom/custom.css
       - .:/code:z
-      network_mode: bridge
-      ports:
+    network_mode: bridge
+    ports:
       - 8888:8888
-      entrypoint: /bin/sh
-      command: -c "/usr/local/bin/jupyter-notebook --ip 0.0.0.0 --allow-root"
-
-
+    entrypoint: /bin/sh
+    command: -c "/usr/local/bin/jupyter-notebook --ip 0.0.0.0 --allow-root"
   # Some ssh-enabled docker containers
   #  for student homework
   bastion:
-      build:
-          context: .
-          dockerfile:  Dockerfile.ssh
-      volumes:
+    build:
+      context: .
+      dockerfile: Dockerfile.ssh
+    volumes:
       - .:/code:z
-      network_mode: bridge
-
-
+    network_mode: bridge
   # Some ssh-enabled docker containers
   #  for student homework
   web:
-      build:
-          context: .
-          dockerfile:  Dockerfile.ssh
-      volumes:
+    build:
+      context: .
+      dockerfile: Dockerfile.ssh
+    volumes:
       - .:/code:z
-      # - ./notebooks/exercise-01/id_ansible.pub:/root/.ssh/authorized_keys:z
-      network_mode: bridge
+    # - ./notebooks/exercise-01/id_ansible.pub:/root/.ssh/authorized_keys:z
+    network_mode: bridge

ansible-101/notebooks/exercise-00/python-course-test.yml

@@ -6,12 +6,10 @@
   tasks:
     - name: The /notebooks directory should exist
       file: path="/notebooks" state=directory
-
     - name: jupyter is responding on 8888
       uri:
         url: http://0.0.0.0:8888/notebooks
         validate_certs: false
-        status_code: 200  # modify this line to simulate an error and see the outcome!
-
+        status_code: 200 # modify this line to simulate an error and see the outcome!
     - name: The template.conf is in place
       file: path="/tmp/template.conf" state=file

ansible-101/notebooks/exercise-00/site.yml

@@ -4,13 +4,11 @@
 #
 - hosts: course
   tasks:
-
     - name: Create a file from a template
       template: src=mytemplate.j2 dest=/tmp/template.conf
-
     - name: Ensure needed packages are present and eventually install them
       apt: name={{item}} state=present
       with_items:
         - python
         - python-dev
-      ignore_errors: yes  #  ignore errors during the course (eg. connectivity)
+      ignore_errors: yes #  ignore errors during the course (eg. connectivity)

ansible-101/notebooks/exercise-03/conditions.yml

@@ -1,23 +1,19 @@
----
 - hosts: localhost
   tags: when
   tasks:
     - debug: msg="This always happens"
       when: true
     - debug: msg="This never does"
       when: false
-
 - hosts: localhost
   tags: assert
   tasks:
     - debug:
         msg: "This is Linux!"
       when: ansible_system == 'Linux'
-
     - fail:
         msg: "Stop processing now!"
       when: ansible_architecture == 'x86_64'
-
 - hosts: localhost
   tags: exercise
   tasks:

ansible-101/notebooks/exercise-03/environment.yml

@@ -1,9 +1,10 @@
----
 - hosts: localhost
   tasks:
     - name: Iterate thru environment
       debug:
         var: >
           ansible_env.{{ item }}
+
       with_items: >
         {{ ansible_env | map('regex_search', '^PATH') | select('string') | list  }}
+

ansible-101/notebooks/exercise-03/fileglob.yml

@@ -1,20 +1,18 @@
----
 - hosts: web
   tags: fileglob
   tasks:
     - name: You can implement a remote fileglob in 2 steps
       shell: >
         ls /etc/host*
-      register: fileglob_remote
 
+      register: fileglob_remote
     - name: Here we go
       debug:
         msg: >-
           {{ item }}
       with_items: >
         {{ fileglob_remote.stdout_lines }}
 
-
 - hosts: web, localhost
   tags: environment
   environment:
@@ -23,6 +21,7 @@
     - name: Passing a shell variable to the whole play
       shell: >
         echo $WELCOME
+
       register: o
     - name: EuroPython is here
       debug:

ansible-101/notebooks/exercise-03/get-facts-solution.yml

@@ -1,12 +1,10 @@
----
 #
 # Use this playbook to dump ansible facts
 #
 - hosts: localhost
   name: >
-    Use this section to complete the exercise,
-    and the next section as a reference for
-    the debug module.
+    Use this section to complete the exercise, and the next section as a reference for the debug module.
+
   tasks:
     - name: Dump the requested facts.
       debug: