More linting fixes

Signed-off-by: Eric Searcy <[email protected]>

Author: emsearcy

.cspell.json

@@ -2,32 +2,55 @@
   "language": "en",
   "dictionaries": ["companies", "filetypes", "fullstack", "softwareTerms"],
   "words": [
-    "lfx"
+    "authelia",
+    "aquasecurity",
+    "dotenv",
+    "excepthook",
+    "gaudin",
+    "isoformat",
+    "iubp",
+    "jetstream",
+    "lfx",
+    "lfprojects",
+    "linuxfoundation",
+    "meltano",
+    "mockdata",
+    "searchpath",
+    "subproject",
+    "representer",
+    "timestamper",
+    "timedelta",
+    "uuidgen"
   ],
   "flagWords": [
-    "abort",
-    "abortion",
-    "blackhat",
-    "black-hat",
-    "whitehat",
-    "white-hat",
-    "cripple",
-    "crippled",
-    "master",
-    "slave",
-    "tribe",
-    "sanity-check",
-    "whitelist",
-    "white-list",
-    "blacklist",
-    "black-list"
+    "abort: cancel, end, fail, halt, stop, terminate",
+    "abortion: cancelation, ending, failure, halting, stopping, termination",
+    "blackhat: attacker, malicious",
+    "black-hat: attacker, malicious",
+    "whitehat: ethical, security, researcher",
+    "white-hat: ethical, security, researcher",
+    "cripple: disable, degrade, impact",
+    "crippled: disabled, degraded, impacted",
+    "grandfathered: legacy, exempted, preauthorized",
+    "master: controller, primary, main, leader, parent",
+    "slave: agent, replica, secondary, follower, child",
+    "tribe: squad, team, group",
+    "sanity-check: test, verify, validate",
+    "whitelist: allowlist",
+    "white-list: allow-list",
+    "blacklist: denylist",
+    "black-list: deny-list"
   ],
   "ignorePaths": [
     ".cspell.json",
+    ".gitignore",
+    ".mega-linter.yml",
+    ".yamllint.yml",
     "CODEOWNERS",
     "LICENSE",
     "LICENSE-docs",
     "megalinter-reports",
+    "pyproject.toml",
     "styles"
   ],
   "languageSettings": [

.github/workflows/mega-linter.yml

@@ -33,10 +33,7 @@ jobs:
       - name: MegaLinter
         id: ml
         # Use the Python flavor.
-        uses: oxsecurity/megalinter/flavors/python@5a91fb06c83d0e69fbd23756d47438aa723b4a5a  # 8.7.0
+        uses: oxsecurity/megalinter/flavors/python@62c799d895af9bcbca5eacfebca29d527f125a57  # 9.1.0
         env:
-          # All available variables are described in documentation
-          # https://megalinter.io/configuration/
+          # Pass token for better rate limits.
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # Allow GITHUB_TOKEN for working around rate limits (aquasecurity/trivy#7668).
-          REPOSITORY_TRIVY_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN

.lycheeignore

@@ -0,0 +1,2 @@
+# Ignore local Kubernetes paths.
+^https?://[a-zA-Z0-9.-]+\.svc\.cluster\.local

.mega-linter.yml

@@ -7,13 +7,11 @@ DISABLE_LINTERS:
   - PYTHON_PYLINT
   # Pyright errors on missing dependencies.
   - PYTHON_PYRIGHT
-  # Repository-wide link checking returns mostly false positives (like internal
-  # service URLs in templates).
-  - SPELL_LYCHEE
   # yamllint is sufficient for us.
   - YAML_PRETTIER
 DISABLE_ERRORS_LINTERS:
   # This may be informative but doesn't need to break the build.
   - COPYPASTE_JSCPD
-  # Warn on spelling only until we set up a local wordlist.
+  # Making optional to not block builds, even though it's still important!
   - SPELL_CSPELL
+PYTHON_ISORT_ARGUMENTS: "--src src"

.yamllint.yml

@@ -1,4 +1,6 @@
 ---
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
 extends: default
 ignore: |
   .git

README.md

@@ -11,7 +11,7 @@ This tool generates mock data for the LFX v2 platform by running playbooks that
 - `uv` package manager installed
 - `jwt` CLI from [jwt-cli](https://github.com/mike-engel/jwt-cli) Rust crate available in your $PATH
 
-These instructions and playbooks assume the script's execution environment has access to `*.*.svc.cluster.local` Kubernetes service URLs. These URLs in the playbooks can be overriden with environmental variables as needed.
+These instructions and playbooks assume the script's execution environment has access to `*.*.svc.cluster.local` Kubernetes service URLs. These URLs in the playbooks can be overridden with environmental variables as needed.
 
 ## Setup
 
@@ -56,7 +56,7 @@ export PROJECTS_TOKEN COMMITTEES_TOKEN
 Use uv to run the mock data tool (uv will automatically manage Python versions and virtual environments):
 
 ```bash
-# Test the script (uv will create the venv automatically).
+# Test the script (uv will create the virtual environment automatically).
 uv run lfx-v2-mockdata --help
 # Load some data!
 uv run lfx-v2-mockdata -t playbooks/projects/{root_project_access,base_projects,extra_projects} playbooks/committees/base_committees

pyproject.toml

@@ -40,6 +40,7 @@ select = ["E", "F", "UP", "B", "G", "I"]
 
 [dependency-groups]
 dev = [
+  "isort>=7.0.0",
   "mypy>=1.17.1",
   "ruff>=0.6.2",
   "types-jmespath>=1.0.2.20250809",

scripts/mock-heimdall-jwt.sh

@@ -8,42 +8,42 @@
 
 # Ensure we were passed at least 2 arguments.
 if [ "$#" -lt 2 ]; then
-    echo "Usage: $0 <audience> <principal> [<email>]"
-    exit 1
+	echo "Usage: $0 <audience> <principal> [<email>]"
+	exit 1
 fi
 
 aud=$1
 principal=$2
 email=$3
 
 if [ -n "$email" ]; then
-  payload="{\"email\": \"$email\"}"
+	payload="{\"email\": \"$email\"}"
 else
-  payload='{}'
+	payload='{}'
 fi
 
 key_id="$(curl -s http://lfx-platform-heimdall.lfx.svc.cluster.local:4457/.well-known/jwks | jq -r '.keys.[0].kid')"
 
 if [ -z "$key_id" ]; then
-    echo "Failed to retrieve key ID from Heimdall"
-    exit 1
+	echo "Failed to retrieve key ID from Heimdall"
+	exit 1
 fi
 
 pem_temp_dir=$(mktemp -d)
-kubectl get secret/heimdall-signer-cert -n lfx -o json | jq -r '.data["signer.pem"]' | base64 --decode > "${pem_temp_dir}"/signer.pem
+kubectl get secret/heimdall-signer-cert -n lfx -o json | jq -r '.data["signer.pem"]' | base64 --decode >"${pem_temp_dir}"/signer.pem
 
 jwt encode \
-    --alg PS256 \
-    --kid "$key_id" \
-    --exp=+300s \
-    --nbf +0s \
-    --jti "$(uuidgen)" \
-    --payload "aud=$aud" \
-    --payload "iss=heimdall" \
-    --payload "sub=${principal#clients@}" \
-    --payload "principal=$principal" \
-    --secret "@${pem_temp_dir}/signer.pem" \
-    "${payload}"
+	--alg PS256 \
+	--kid "$key_id" \
+	--exp=+300s \
+	--nbf +0s \
+	--jti "$(uuidgen)" \
+	--payload "aud=$aud" \
+	--payload "iss=heimdall" \
+	--payload "sub=${principal#clients@}" \
+	--payload "principal=$principal" \
+	--secret "@${pem_temp_dir}/signer.pem" \
+	"${payload}"
 
 jwt_result=$?
 

src/custom_logging/__init__.py

@@ -67,7 +67,8 @@ def setup_logging(log_level: str = "INFO") -> None:
     structlog.configure(
         processors=shared_processors
         + [
-            # If log level is too low, abort pipeline and throw away log entry.
+            # If log level is too low, halt the pipeline and throw away the log
+            # entry.
             structlog.stdlib.filter_by_level,
             # Prepare event dict for `ProcessorFormatter`.
             structlog.stdlib.ProcessorFormatter.wrap_for_formatter,

src/lfx_v2_mockdata/__init__.py

@@ -226,7 +226,7 @@ class JMESPathEncoder(json.JSONEncoder):
     """Extend the default JSON encoder for JMESPath macros.
 
     Supports both the JMESPath (!ref) and JMESPathSubstitution (!sub)
-    objects used by lfx_v2_mockdata.
+    macros.
     """
 
     def default(self, obj):
@@ -318,7 +318,7 @@ def yaml_include(loader, node):
 def yaml_render(template_dir, yaml_file):
     """Setup Jinja2 and render and parse a YAML file."""
     logger.info("Loading template", template_dir=template_dir, yaml_file=yaml_file)
-    # Check if we have already created a sandboxed Jinja2 environment for this
+    # Check if we have already created a sandbox Jinja2 environment for this
     # context/directory.
     env = jinja_env.get(None)
     if env is None:
@@ -956,13 +956,13 @@ def parse_args() -> UploadMockDataArgs:
         action="store_true",
         help="dump the parsed templates as JSON to stdout (with !ref expansion)",
     )
-    dryrun_group = parser.add_mutually_exclusive_group()
-    dryrun_group.add_argument(
+    dry_run_group = parser.add_mutually_exclusive_group()
+    dry_run_group.add_argument(
         "--dry-run",
         action="store_true",
         help="do not upload any data to endpoints",
     )
-    dryrun_group.add_argument(
+    dry_run_group.add_argument(
         "--upload",
         action="store_true",
         help="upload to endpoints even when dumping",