cisagov
diff --git a/‎.config/molecule/config.yml‎
Lines changed: 57 additions & 113 deletions b/‎.config/molecule/config.yml‎
Lines changed: 57 additions & 113 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 13 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/labeler.yml‎
Lines changed: 70 additions & 0 deletions b/‎.github/labeler.yml‎
Lines changed: 70 additions & 0 deletions
diff --git a/‎.github/labels.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/labels.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 12 additions & 7 deletions b/‎.github/workflows/build.yml‎
Lines changed: 12 additions & 7 deletions
@@ -4,7 +4,8 @@ dependency:
 driver:
   name: docker
 platforms:
-  - cgroupns_mode: host
+  - &common_amd64_platform_config
+    cgroupns_mode: host
     command: /lib/systemd/systemd
     image: docker.io/geerlingguy/docker-amazonlinux2023-ansible:latest
     name: amazonlinux2023-systemd-amd64
@@ -13,64 +14,36 @@ platforms:
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-amazonlinux2023-ansible:latest
+
+  - &common_arm64_platform_config
+    <<: *common_amd64_platform_config
     name: amazonlinux2023-systemd-arm64
     platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-debian10-ansible:latest
     name: debian10-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-debian10-ansible:latest
     name: debian10-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-debian11-ansible:latest
     name: debian11-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-debian11-ansible:latest
     name: debian11-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-debian12-ansible:latest
     name: debian12-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-debian12-ansible:latest
     name: debian12-systemd-arm64
+<<<<<<< HEAD
     platform: arm64
     pre_build_image: true
     privileged: true
@@ -98,94 +71,65 @@ platforms:
   #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
+=======
+
+  - <<: *common_amd64_platform_config
+    image: docker.io/geerlingguy/docker-debian13-ansible:latest
+    name: debian13-systemd-amd64
+
+  - <<: *common_arm64_platform_config
+    image: docker.io/geerlingguy/docker-debian13-ansible:latest
+    name: debian13-systemd-arm64
+
+  - <<: *common_amd64_platform_config
+    image: docker.io/cisagov/docker-debian14-ansible:latest
+    name: debian14-systemd-amd64
+
+  - <<: *common_arm64_platform_config
+    image: docker.io/cisagov/docker-debian14-ansible:latest
+    name: debian14-systemd-arm64
+
+  - <<: *common_amd64_platform_config
+>>>>>>> 3260b69086d7e880c2f70a524857bbc72b59b44f
     image: docker.io/cisagov/docker-kali-ansible:latest
     name: kali-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/cisagov/docker-kali-ansible:latest
     name: kali-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-fedora41-ansible:latest
     name: fedora41-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-fedora41-ansible:latest
     name: fedora41-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-fedora42-ansible:latest
     name: fedora42-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-fedora42-ansible:latest
     name: fedora42-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest
     name: ubuntu-22-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest
     name: ubuntu-22-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_amd64_platform_config
     image: docker.io/geerlingguy/docker-ubuntu2404-ansible:latest
     name: ubuntu-24-systemd-amd64
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
+
+  - <<: *common_arm64_platform_config
     image: docker.io/geerlingguy/docker-ubuntu2404-ansible:latest
     name: ubuntu-24-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+
 provisioner:
   name: ansible
   config_options:
 
@@ -12,6 +12,7 @@ updates:
       - dependency-name: actions/cache
       - dependency-name: actions/checkout
       - dependency-name: actions/dependency-review-action
+      - dependency-name: actions/labeler
       - dependency-name: actions/setup-go
       - dependency-name: actions/setup-python
       - dependency-name: cisagov/action-job-preamble
@@ -21,9 +22,21 @@ updates:
       - dependency-name: hashicorp/setup-packer
       - dependency-name: hashicorp/setup-terraform
       - dependency-name: mxschmitt/action-tmate
+<<<<<<< HEAD
       # Managed by cisagov/skeleton-ansible-role
       - dependency-name: cisagov/action-disable-apparmor
       - dependency-name: docker/setup-buildx-action
+=======
+      # # Managed by cisagov/skeleton-ansible-role
+      # - dependency-name: cisagov/action-disable-apparmor
+      # - dependency-name: docker/setup-buildx-action
+    labels:
+      # dependabot default we need to replicate
+      - dependencies
+      # This matches our label definition in .github/labels.yml as opposed to
+      # dependabot's default of `github_actions`.
+      - github-actions
+>>>>>>> 3260b69086d7e880c2f70a524857bbc72b59b44f
     package-ecosystem: github-actions
     schedule:
       interval: weekly
 
@@ -0,0 +1,70 @@
+---
+# Each entry in this file is a label that will be applied to pull requests
+# if there is a match based on the matching rules for the entry. Please see
+# the actions/labeler documentation for more information:
+# https://github.com/actions/labeler#match-object
+#
+# Note: Verify that the label you want to use is defined in the
+# crazy-max/ghaction-github-labeler configuration file located at
+# .github/labels.yml.
+
+# Enable if Ansible playbooks are used in the repository.
+ansible:
+  - changed-files:
+      - any-glob-to-any-file:
+          - defaults/**/*.yml
+          - handlers/**/*.yml
+          - meta/**/*.yml
+          - tasks/**/*.yml
+          - vars/**/*.yml
+dependencies:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Add any dependency files used.
+          - .pre-commit-config.yaml
+          - meta/**/*.yml
+          - requirements*.txt
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.md"
+github-actions:
+  - changed-files:
+      - any-glob-to-any-file:
+          - .github/workflows/**
+# Enable if Packer is used in the repository.
+# packer:
+#   - changed-files:
+#       - any-glob-to-any-file:
+#           - "**/*.pkr.hcl"
+# Enable if Python is used in the repository.
+python:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "**/*.py"
+# Enable if Terraform is used in the repository.
+# terraform:
+#   - changed-files:
+#       - any-glob-to-any-file:
+#           - "**/*.tf"
+test:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Add any test-related files or paths.
+          - .ansible-lint
+          - .bandit.yml
+          - .config/molecule/config.yml
+          - .flake8
+          - .isort.cfg
+          - .mdl_config.yaml
+          - .yamllint
+          - molecule/**
+upstream update:
+  - head-branch:
+      # Any Lineage pull requests should use this branch.
+      - lineage/skeleton
+version bump:
+  - changed-files:
+      - any-glob-to-any-file:
+          # Ensure this matches your version tracking file(s).
+          - version.txt
@@ -2,6 +2,9 @@
 # Rather than breaking up descriptions into multiline strings we disable that
 # specific rule in yamllint for this file.
 # yamllint disable rule:line-length
+- color: f15a53
+  description: Pull requests that update Ansible code
+  name: ansible
 - color: eb6420
   description: This issue or pull request is awaiting the outcome of another issue or pull request
   name: blocked
@@ -50,6 +53,9 @@
 - color: fcdb45
   description: This pull request is awaiting an action or decision to move forward
   name: on hold
+- color: 3772a4
+  description: Pull requests that update Python code
+  name: python
 - color: ef476c
   description: This issue is a request for information or needs discussion
   name: question
 
@@ -99,16 +99,16 @@ jobs:
           # this workflow.
           permissions_monitoring_config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
       - id: setup-env
-        uses: cisagov/setup-env-github-action@develop
-      - uses: actions/checkout@v4
+        uses: cisagov/setup-env-github-action@v1
+      - uses: actions/checkout@v5
       - id: setup-python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ steps.setup-env.outputs.python-version }}
       # We need the Go version and Go cache location for the actions/cache step,
       # so the Go installation must happen before that.
       - id: setup-go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           # There is no expectation for actual Go code so we disable caching as
           # it relies on the existence of a go.sum file.
@@ -220,10 +220,15 @@ jobs:
           - debian10-systemd
           - debian11-systemd
           - debian12-systemd
+<<<<<<< HEAD
           # Docker does not yet officially support Debian Trixie.  See
           # https://docs.docker.com/engine/install/debian/ for more
           # details.
           # - debian13-systemd
+=======
+          - debian13-systemd
+          - debian14-systemd
+>>>>>>> 3260b69086d7e880c2f70a524857bbc72b59b44f
           - fedora41-systemd
           - fedora42-systemd
           - kali-systemd
@@ -259,10 +264,10 @@ jobs:
           # this workflow.
           permissions_monitoring_config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
       - id: setup-env
-        uses: cisagov/setup-env-github-action@develop
-      - uses: actions/checkout@v4
+        uses: cisagov/setup-env-github-action@v1
+      - uses: actions/checkout@v5
       - id: setup-python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ steps.setup-env.outputs.python-version }}
       - uses: actions/cache@v4