cisagov
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 16 additions & 2 deletions b/‎.github/CODEOWNERS‎
Lines changed: 16 additions & 2 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 8 additions & 5 deletions b/‎.github/dependabot.yml‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎.github/labels.yml‎
Lines changed: 21 additions & 21 deletions b/‎.github/labels.yml‎
Lines changed: 21 additions & 21 deletions
diff --git a/‎.github/lineage.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/lineage.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/_repo-metadata.yml‎
Lines changed: 78 additions & 0 deletions b/‎.github/workflows/_repo-metadata.yml‎
Lines changed: 78 additions & 0 deletions
@@ -3,8 +3,22 @@
 # These owners will be the default owners for everything in the
 # repo. Unless a later match takes precedence, these owners will be
 # requested for review when someone opens a pull request.
-* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
+* @dav3r @felddy @jsf9k @mcdonnnj
 
 # These folks own any files in the .github directory at the root of
 # the repository and any of its subdirectories.
-/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
+/.github/ @dav3r @felddy @jsf9k @mcdonnnj
+
+# These folks own all linting configuration files.
+/.ansible-lint @dav3r @felddy @jsf9k @mcdonnnj
+/.bandit.yml @dav3r @felddy @jsf9k @mcdonnnj
+/.flake8 @dav3r @felddy @jsf9k @mcdonnnj
+/.isort.cfg @dav3r @felddy @jsf9k @mcdonnnj
+/.mdl_config.yaml @dav3r @felddy @jsf9k @mcdonnnj
+/.pre-commit-config.yaml @dav3r @felddy @jsf9k @mcdonnnj
+/.prettierignore @dav3r @felddy @jsf9k @mcdonnnj
+/.yamllint @dav3r @felddy @jsf9k @mcdonnnj
+/requirements.txt @dav3r @felddy @jsf9k @mcdonnnj
+/requirements-dev.txt @dav3r @felddy @jsf9k @mcdonnnj
+/requirements-test.txt @dav3r @felddy @jsf9k @mcdonnnj
+/setup-env @dav3r @felddy @jsf9k @mcdonnnj
@@ -16,23 +16,26 @@ updates:
       # Managed by cisagov/skeleton-generic
       - dependency-name: actions/cache
       - dependency-name: actions/checkout
+      - dependency-name: actions/dependency-review-action
       - dependency-name: actions/setup-go
       - dependency-name: actions/setup-python
-      - dependency-name: crazy-max/ghaction-dump-context
+      - dependency-name: cisagov/action-job-preamble
+      - dependency-name: cisagov/setup-env-github-action
       - dependency-name: crazy-max/ghaction-github-labeler
-      - dependency-name: crazy-max/ghaction-github-status
+      - dependency-name: github/codeql-action
+      - dependency-name: hashicorp/setup-packer
       - dependency-name: hashicorp/setup-terraform
       - dependency-name: mxschmitt/action-tmate
-      - dependency-name: step-security/harden-runner
       # Managed by cisagov/skeleton-docker
       - dependency-name: actions/download-artifact
-      - dependency-name: actions/github-script
       - dependency-name: actions/upload-artifact
+      - dependency-name: aquasecurity/trivy-action
       - dependency-name: docker/build-push-action
       - dependency-name: docker/login-action
+      - dependency-name: docker/metadata-action
       - dependency-name: docker/setup-buildx-action
       - dependency-name: docker/setup-qemu-action
-      - dependency-name: github/codeql-action
+      - dependency-name: peter-evans/dockerhub-description
     package-ecosystem: github-actions
     schedule:
       interval: weekly
 
@@ -2,72 +2,72 @@
 # Rather than breaking up descriptions into multiline strings we disable that
 # specific rule in yamllint for this file.
 # yamllint disable rule:line-length
-- color: "eb6420"
+- color: eb6420
   description: This issue or pull request is awaiting the outcome of another issue or pull request
   name: blocked
 - color: "000000"
   description: This issue or pull request involves changes to existing functionality
   name: breaking change
-- color: "d73a4a"
+- color: d73a4a
   description: This issue or pull request addresses broken functionality
   name: bug
-- color: "07648d"
+- color: 07648d
   description: This issue will be advertised on code.gov's Open Tasks page (https://code.gov/open-tasks)
   name: code.gov
-- color: "0366d6"
+- color: 0366d6
   description: Pull requests that update a dependency file
   name: dependencies
-- color: "2497ed"
+- color: 2497ed
   description: Pull requests that update Docker code
   name: docker
-- color: "5319e7"
+- color: 5319e7
   description: This issue or pull request improves or adds to documentation
   name: documentation
-- color: "cfd3d7"
+- color: cfd3d7
   description: This issue or pull request already exists or is covered in another issue or pull request
   name: duplicate
-- color: "b005bc"
+- color: b005bc
   description: A high-level objective issue encompassing multiple issues instead of a specific unit of work
   name: epic
 - color: "000000"
   description: Pull requests that update GitHub Actions code
   name: github-actions
-- color: "0e8a16"
+- color: 0e8a16
   description: This issue or pull request is well-defined and good for newcomers
   name: good first issue
-- color: "ff7518"
+- color: ff7518
   description: Pull request that should count toward Hacktoberfest participation
   name: hacktoberfest-accepted
-- color: "a2eeef"
+- color: a2eeef
   description: This issue or pull request will add or improve functionality, maintainability, or ease of use
   name: improvement
-- color: "fef2c0"
+- color: fef2c0
   description: This issue or pull request is not applicable, incorrect, or obsolete
   name: invalid
-- color: "ce099a"
+- color: ce099a
   description: This pull request is ready to merge during the next Lineage Kraken release
   name: kraken 🐙
-- color: "a4fc5d"
+- color: a4fc5d
   description: This issue or pull request requires further information
   name: need info
-- color: "fcdb45"
+- color: fcdb45
   description: This pull request is awaiting an action or decision to move forward
   name: on hold
-- color: "ef476c"
+- color: ef476c
   description: This issue is a request for information or needs discussion
   name: question
-- color: "d73a4a"
+- color: d73a4a
   description: This issue or pull request addresses a security issue
   name: security
-- color: "00008b"
+- color: 00008b
   description: This issue or pull request adds or otherwise modifies test code
   name: test
-- color: "1d76db"
+- color: 1d76db
   description: This issue or pull request pulls in upstream updates
   name: upstream update
-- color: "d4c5f9"
+- color: d4c5f9
   description: This issue or pull request increments the version number
   name: version bump
-- color: "ffffff"
+- color: ffffff
   description: This issue will not be incorporated
   name: wontfix
@@ -2,4 +2,4 @@
 lineage:
   skeleton:
     remote-url: https://github.com/cisagov/skeleton-docker.git
-version: '1'
+version: "1"
@@ -0,0 +1,78 @@
+---
+name: Provide repository metadata
+
+on:  # yamllint disable-line rule:truthy
+  workflow_call:
+    outputs:
+      image-name:
+        description: The name of the Docker image.
+        value: ${{ jobs.output-repo-metadata.outputs.image-name }}
+      image-platforms:
+        description: The supported platforms for the Docker image.
+        value: ${{ jobs.output-repo-metadata.outputs.image-platforms }}
+
+jobs:
+  output-repo-metadata:
+    name: Generate outputs for repository metadata
+    outputs:
+      image-name: ${{ steps.set-outputs.outputs.image-name }}
+      image-platforms: ${{ steps.set-outputs.outputs.image-platforms }}
+    permissions: {}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set outputs for repository metadata
+        id: set-outputs
+        run: |
+          # Standard Python Libraries
+          import json
+          import os
+          import sys
+          from typing import Any, TypedDict
+
+
+          class GhaOutput(TypedDict):
+
+              description: str
+              name: str
+              value: Any
+
+
+          # Every output in this list must be configured as an output for the workflow.
+          gha_outputs: list[GhaOutput] = [
+              {
+                  "description": "The name of the Docker image.",
+                  "name": "image-name",
+                  "value": "cisagov/postfix",
+              },
+              {
+                  "description": "The supported platforms for the Docker image.",
+                  "name": "image-platforms",
+                  "value": [
+                      # The platforms disabled below are not available for the current
+                      # base image (debian:bullseye-slim). Please see #60 for more
+                      # information.
+                      "linux/386",
+                      "linux/amd64",
+                      # "linux/arm/v6",
+                      "linux/arm/v7",
+                      "linux/arm64",
+                      # "linux/ppc64le",
+                      # "linux/riscv64",
+                      # "linux/s390x",
+                  ],
+              },
+          ]
+
+          if os.getenv("GITHUB_OUTPUT") is None:
+              print(
+                  "GITHUB_OUTPUT is not set. "
+                  "This script is intended to be run in a GitHub Actions environment."
+              )
+              sys.exit(1)
+
+          with open(os.environ["GITHUB_OUTPUT"], "a") as gh_output:
+              for output in gha_outputs:
+                  if any(isinstance(output["value"], t) for t in [list, dict]):
+                      output["value"] = json.dumps(output["value"])
+                  gh_output.write(f"{output['name']}={output['value']}\n")
+        shell: python3 {0}