…configuration

Update the version of the second `bandit` hook

Now that LGTM has been deprecated in favor of GitHub code scanning
(CodeQL) we have removed the integration from the organization. As a
result we need to remove these badges.

Add a CodeQL badge and remove LGTM badges from the README

Since we only support Python 3 and only test against CPython (the
reference implementation) it would be helpful to indicate these facts
with our trove classifiers.

…iers

Add two additional PyPI trove classifiers

We saw in cisagov/postfix-docker#47 that the sed commands in the
bump_version.sh script could inadvertently match the CC0 version in
the README.md file.  This change escapes the periods in the version
before passing it on to sed so that they only match periods and not
just any character.

…script

Fix overly match-happy sed commands

This job will test thw wheels created during the `build` job to ensure
the distribution artifact also passes tests.

…_github_actions

Add a GitHub Actions job to test built wheels

With the release of Python 3.11 on 2022-10-24 we should add it to our
supported Python versions. This includes an appropriate PyPI trove
classifier and adding it to the Python versions that are tested in our
GitHub Actions workflow.

…on_3.11

Add support for Python 3.11

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

…/skeleton

# Conflicts:
#	README.md

…s/upload-artifact-3

Bump actions/upload-artifact from 2 to 3

Add ignore directives and an attribution comment to the dependabot
configurtation. These will be uncommented in descendants of this
project (cisagov/skeleton-python-library) so that version changes to
these Actions are controlled through this project.

…ttributions

Add ignore directives to the dependabot configuration

…/skeleton

Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook
is intentionally held back to be updated independently to v6.

Update `pre-commit` hooks

Add a security label

Lineage pull request for: skeleton

Add a pre-commit hook to run `goimports`

…upport_terraform-docs

Add ATX Header Support for `terraform-docs`

This hook bundles the binaries for shellcheck with a Python package
which removes the need to ensure the tool is installed for the hook to
function. It also ties the version of shellcheck used to the hook which
will help guarantee consistency.

…ok_for_shellcheck

Switch the pre-commit hook used to run `shellcheck`

…skeleton

This includes adding the necessary job step to use the
cisagov/setup-env-github-action Action.

Co-authored-by: Nick <[email protected]>

New versions of ansible-core (2.16.7 and 2.17.0) have been released
that do not suffer from the bug discussed in ansible/ansible#82702.
This bug broke any symlinked files in vars, tasks, etc. for any
Ansible role installed via ansible-galaxy.

All versions later than ansible-core 2.16.7 and 2.17.0 should function
as expected.

Co-authored-by: Nick <[email protected]>

The line is not only unnecessary, it was commented out to boot!

…lint

On its own ansible-lint does not pull in ansible, only ansible-core.
Therefore, if an Ansible module lives in ansible instead of
ansible-core, the linter will complain that the module is unknown.  In
these cases it is necessary to add the ansible package itself as an
additional dependency, with the same pinning as is done in
requirements-test.txt of cisagov/skeleton-ansible-role.

This is done automatically with the `pre-commit autoupdate` command.
The pre-commit/mirrors-prettier was manually held back because the
latest tags are for alpha releases of the next major version.

Use the latest v3 release available from NPM.

The pin now agrees with what is in cisagov/skeleton-ansible-role.

Co-authored-by: Nick <[email protected]>

Update `pre-commit` hooks

…ible-lint

Pin packages for `ansible-lint`

The "bandit (tests tree)" hook configuration gets updated from
upstream, but the "bandit (everything else)" hook configuration does
not. It must be manually updated to ensure the same version of bandit
is used for both hooks.

⚠️ CONFLICT! Lineage pull request for: skeleton

Fix the dependabot ignore directive for `github/codeql-action`

…/codeql-action-3

Bump github/codeql-action from 2 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Python 3.6 reached end-of-life on 2021-12-23. Since the oldest version
of Debian that we use (Debian Buster) provides Python 3.7 we can safely
sunset support for this version of Python.

…ions

Bump actions/upload-artifact and actions/download-artifact from 3 to 4

Drop support for Python 3.6

…/skeleton

# Conflicts:
#	src/findcdn/__init__.py

This covers all of the uses that are not automatically updated when
pulling in upstream updates.

Ensure the use of the same version of `actions/setup-python`

…/skeleton