ci: use latest test images

.gitlab-ci.yml

@@ -9,36 +9,56 @@
   only_branch_master_parent_repo: &only_branch_master_parent_repo
     - 'master@saltstack-formulas/packages-formula'
   # `stage`
+  stage_cache: &stage_cache 'cache'
   stage_lint: &stage_lint 'lint'
   stage_release: &stage_release 'release'
   stage_test: &stage_test 'test'
   # `image`
-  image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
-  image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
-  image_precommit: &image_precommit
-    name: 'myii/ssf-pre-commit:2.9.2'
-    entrypoint: ['/bin/bash', '-c']
-  image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
-  image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14'
+  # yamllint disable rule:line-length
+  image_commitlint: &image_commitlint 'techneg/ci-commitlint:v1.1.91@sha256:02574d0409adafb76d5a40a7d08202073e5377f4a7c4bfe9e198d1203ff94a8c'
+  image_dindruby: &image_dindruby 'techneg/ci-docker-python-ruby:v2.2.60@sha256:de98b8d1d3cf86639fe69bfc4f0416115d18300759c5ed2948ac56f973dd944f'
+  image_dindrubybionic: &image_dindrubybionic 'techneg/ci-docker-python-ruby:v2.2.60@sha256:de98b8d1d3cf86639fe69bfc4f0416115d18300759c5ed2948ac56f973dd944f'
+  image_precommit: &image_precommit 'techneg/ci-pre-commit:v2.4.25@sha256:ff5192e893c1079fbf70e3ce6bfc3773815041786a75659793158be930ba7803'
+  image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest@sha256:fe69f9642c7edde46bbd78326d2c42c6e13fc73694efb142e92e206725479328'
+  image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14@sha256:374f588420087517a3cc0235e11293bffd72d7a59da3d98d5e69f014ff2a7761'
   # `services`
   services_docker_dind: &services_docker_dind
-    - 'docker:dind'
+    - 'docker:28.2.2-dind@sha256:d4668861cabc1691635d98e827a81cfa834a416f8fe0f4efc609f9f806d86d82'
+  # yamllint enable rule:line-length
   # `variables`
   # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
-  # https://bundler.io/v1.16/bundle_config.html
+  # https://bundler.io/v2.3/man/bundle-config.1.html
   variables_bundler: &variables_bundler
-    BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
-    BUNDLE_WITHOUT: 'production'
-  # `cache`
+    BUNDLE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
+    BUNDLE_DEPLOYMENT: 'true'
+  bundle_install: &bundle_install
+    - 'bundle version'
+    - 'bundle config list'
+    # `--no-cache` means don't bother caching the downloaded .gem files
+    - 'time bundle install --no-cache'
   cache_bundler: &cache_bundler
-    key: '${CI_JOB_STAGE}'
+    key:
+      files:
+        - 'Gemfile.lock'
+      prefix: 'bundler'
     paths:
-      - '${BUNDLE_CACHE_PATH}'
+      - '${BUNDLE_PATH}'
+  # https://pre-commit.com/#gitlab-ci-example
+  variables_pre-commit: &variables_pre-commit
+    PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
+  cache_pre-commit: &cache_pre-commit
+    key:
+      files:
+        - '.pre-commit-config.yaml'
+      prefix: 'pre-commit'
+    paths:
+      - '${PRE_COMMIT_HOME}'
 
 ###############################################################################
 # Define stages and global variables
 ###############################################################################
 stages:
+  - *stage_cache
   - *stage_lint
   - *stage_test
   - *stage_release
@@ -48,8 +68,12 @@ variables:
 ###############################################################################
 # `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
 ###############################################################################
-commitlint:
+.lint_job:
   stage: *stage_lint
+  needs: []
+
+commitlint:
+  extends: '.lint_job'
   image: *image_commitlint
   script:
     # Add `upstream` remote to get access to `upstream/master`
@@ -74,17 +98,14 @@ commitlint:
                   --verbose'
 
 pre-commit:
-  stage: *stage_lint
+  extends: '.lint_job'
   image: *image_precommit
   # https://pre-commit.com/#gitlab-ci-example
-  variables:
-    PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
-  cache:
-    key: '${CI_JOB_NAME}'
-    paths:
-      - '${PRE_COMMIT_HOME}'
+  variables: *variables_pre-commit
+  cache: *cache_pre-commit
   script:
     - 'pre-commit run --all-files --color always --verbose'
+    - 'pre-commit run --color always --hook-stage manual commitlint-ci'
 
 # Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
 # - The `pre-commit` check will only be available for formulas that pass the default
@@ -93,8 +114,8 @@ pre-commit:
 # - Furthermore, this job uses all of the latest `rubocop` features & cops,
 #   which will help when upgrading the `rubocop` linter used in `pre-commit`
 rubocop:
+  extends: '.lint_job'
   allow_failure: true
-  stage: *stage_lint
   image: *image_rubocop
   script:
     - 'rubocop -d -P -S --enable-pending-cops'
@@ -107,12 +128,10 @@ rubocop:
   image: *image_dindruby
   services: *services_docker_dind
   variables: *variables_bundler
-  cache: *cache_bundler
-  before_script:
-    # TODO: This should work from the env vars above automatically
-    - 'bundle config set path "${BUNDLE_CACHE_PATH}"'
-    - 'bundle config set without "${BUNDLE_WITHOUT}"'
-    - 'bundle install'
+  cache:
+    <<: *cache_bundler
+    policy: 'pull'
+  before_script: *bundle_install
   script:
     # Alternative value to consider: `${CI_JOB_NAME}`
     - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
@@ -131,69 +150,24 @@ rubocop:
 # Make sure the instances listed below match up with
 # the `platforms` defined in `kitchen.yml`
 # yamllint disable rule:line-length
-# debian-debian-11-tiamat-py3: {extends: '.test_instance'}
-# debian-debian-10-tiamat-py3: {extends: '.test_instance'}
-# debian-debian-9-tiamat-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
-# ubuntu-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
-# redhat8-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
-# centos-centos-7-tiamat-py3: {extends: '.test_instance'}
-# amazon-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
-# redhat8-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
-# centos-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
-# redhat8-almalinux-8-tiamat-py3: {extends: '.test_instance'}
-# redhat8-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
-debian-debian-11-master-py3: {extends: '.test_instance_failure_permitted'}
-debian-debian-10-master-py3: {extends: '.test_instance'}
-debian-debian-9-master-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
-# ubuntu-ubuntu-2004-master-py3: {extends: '.test_instance'}
-ubuntu-ubuntu-1804-master-py3: {extends: '.test_instance'}
-redhat8-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
-centos-centos-7-master-py3: {extends: '.test_instance'}
-# fedora-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
-# fedora-fedora-35-master-py3: {extends: '.test_instance'}
-suse-opensuse-leap-153-master-py3: {extends: '.test_instance'}
-suse-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
-amazon-amazonlinux-2-master-py3: {extends: '.test_instance'}
-redhat8-oraclelinux-8-master-py3: {extends: '.test_instance'}
-centos-oraclelinux-7-master-py3: {extends: '.test_instance'}
-arch-arch-base-latest-master-py3: {extends: '.test_instance'}
-gentoo-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
-gentoo-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
-redhat8-almalinux-8-master-py3: {extends: '.test_instance'}
-redhat8-rockylinux-8-master-py3: {extends: '.test_instance'}
-# debian-debian-11-3004-1-py3: {extends: '.test_instance'}
-# debian-debian-10-3004-1-py3: {extends: '.test_instance'}
-# debian-debian-9-3004-1-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# ubuntu-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
-# redhat8-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# centos-centos-7-3004-1-py3: {extends: '.test_instance'}
-# fedora-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# fedora-fedora-35-3004-1-py3: {extends: '.test_instance'}
-# amazon-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
-# redhat8-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
-# centos-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
-# arch-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
-# gentoo-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
-# gentoo-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
-# redhat8-almalinux-8-3004-1-py3: {extends: '.test_instance'}
-# redhat8-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
-# suse-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
-# suse-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
-# debian-debian-10-3003-4-py3: {extends: '.test_instance'}
-# debian-debian-9-3003-4-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
-# ubuntu-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
-# redhat8-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
-# centos-centos-7-3003-4-py3: {extends: '.test_instance'}
-# amazon-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
-# redhat8-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
-# centos-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
-# redhat8-almalinux-8-3003-4-py3: {extends: '.test_instance'}
+debian-debian-12-master: {extends: '.test_instance'}
+debian-debian-11-master: {extends: '.test_instance'}
+debian-debian-12-3007-4: {extends: '.test_instance'}
+debian-debian-11-3007-4: {extends: '.test_instance'}
+debian-debian-12-3006-12: {extends: '.test_instance'}
+debian-debian-11-3006-12: {extends: '.test_instance'}
+ubuntu-ubuntu-2404-master: {extends: '.test_instance'}
+ubuntu-ubuntu-2204-master: {extends: '.test_instance'}
+ubuntu-ubuntu-2404-3007-4: {extends: '.test_instance'}
+ubuntu-ubuntu-2204-3007-4: {extends: '.test_instance'}
+ubuntu-ubuntu-2404-3006-12: {extends: '.test_instance'}
+ubuntu-ubuntu-2204-3006-12: {extends: '.test_instance'}
+fedora-fedora-40-master: {extends: '.test_instance'}
+fedora-fedora-40-3007-4: {extends: '.test_instance'}
+fedora-fedora-40-3006-12: {extends: '.test_instance'}
+suse-opensuse-leap-156-master: {extends: '.test_instance'}
+suse-opensuse-leap-156-3007-4: {extends: '.test_instance'}
+suse-opensuse-leap-156-3006-12: {extends: '.test_instance'}
 # yamllint enable rule:line-length
 
 ###############################################################################

.pre-commit-config.yaml

@@ -15,63 +15,101 @@ ci:
   autoupdate_schedule: quarterly
   skip: []
   submodules: false
-default_stages: [commit]
+default_stages: [pre-commit]
 repos:
-  - repo: https://github.com/dafyddj/commitlint-pre-commit-hook
-    rev: v2.3.0
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-merge-conflict
+        name: Check for Git merge conflicts
+        args: [--assume-in-merge]
+        exclude: ^docs/AUTHORS.rst$
+  - repo: https://github.com/dafyddj/mirrors-commitlint
+    rev: v19.8.1
     hooks:
       - id: commitlint
-        name: Check commit message using commitlint
-        description: Lint commit message against @commitlint/config-conventional rules
-        stages: [commit-msg]
-        additional_dependencies: ['@commitlint/[email protected]']
-      - id: commitlint-travis
-        stages: [manual]
-        additional_dependencies: ['@commitlint/[email protected]']
-        always_run: true
+      - id: commitlint-ci
   - repo: https://github.com/rubocop-hq/rubocop
-    rev: v1.30.1
+    rev: v1.76.1
     hooks:
       - id: rubocop
         name: Check Ruby files with rubocop
         args: [--debug]
-        always_run: true
-        pass_filenames: false
   - repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.8.0.4
+    rev: v0.9.0.6
     hooks:
       - id: shellcheck
         name: Check shell scripts with shellcheck
         files: ^.*\.(sh|bash|ksh)$
         types: []
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.26.3
+    rev: v1.37.1
     hooks:
       - id: yamllint
         name: Check YAML syntax with yamllint
-        args: [--strict, '.']
-        always_run: true
-        pass_filenames: false
+        args: [--strict]
+        types: [file]
+        # Files to include
+        # 1. Obvious YAML files
+        # 2. `pillar.example` and similar files
+        # 3. SLS files under directory `test/` which are pillar files
+        # Files to exclude
+        # 1. SLS files under directory `test/` which are state files
+        # 2. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
+        # 3. YAML files heavily reliant on Jinja
+        # 4. `.copier-answers.yml` and its variants which are auto-generated
+        files: |
+          (?x)^(
+                .*\.yaml|
+                .*\.yml|
+                \.salt-lint|
+                \.yamllint|
+                .*\.example|
+                test/.*\.sls
+          )$
+        exclude: |
+          (?x)^(
+                \.copier-answers(\..+)?\.ya?ml|
+                kitchen.vagrant.yml|
+                test/.*/states/.*\.sls
+          )$
   - repo: https://github.com/warpnet/salt-lint
-    rev: v0.8.0
+    rev: v0.9.2
     hooks:
       - id: salt-lint
         name: Check Salt files using salt-lint
         files: ^.*\.(sls|jinja|j2|tmpl|tst)$
-  - repo: https://github.com/myint/rstcheck
-    rev: 3f929574
+  - repo: https://github.com/rstcheck/rstcheck
+    rev: v6.2.5
     hooks:
       - id: rstcheck
         name: Check reST files using rstcheck
         exclude: 'docs/CHANGELOG.rst'
+        additional_dependencies: [sphinx==7.2.6]
   - repo: https://github.com/saltstack-formulas/mirrors-rst-lint
-    rev: v1.3.2
+    rev: v1.4.0
     hooks:
       - id: rst-lint
         name: Check reST files using rst-lint
         exclude: |
             (?x)^(
                 docs/CHANGELOG.rst|
                 docs/TOFS_pattern.rst|
+                docs/CONTRIBUTING_DOCS.rst|
+                docs/index.rst|
             )$
-        additional_dependencies: [pygments==2.9.0]
+        additional_dependencies: [pygments==2.16.1]
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 40.48.11
+    hooks:
+      - id: renovate-config-validator
+        name: Check Renovate config with renovate-config-validator
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.33.0
+    hooks:
+      - id: check-github-workflows
+        name: Check GitHub workflows with check-jsonschema
+        args: [--verbose]
+      - id: check-gitlab-ci
+        name: Check GitLab CI config with check-jsonschema
+        args: [--verbose]

.rstcheck.cfg

@@ -1,4 +1,6 @@
 [rstcheck]
 report=info
 ignore_language=rst
-ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)
+# salt['config.get']('roles') is misidentified as a Markdown link.
+#   Ignore for now, but perhaps try to submit a fix upstream in rstcheck
+ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$|\(rst\) Link is formatted in Markdown style\.)

.rubocop.yml

@@ -7,7 +7,7 @@ Layout/LineLength:
   # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
   Max: 88
 Metrics/BlockLength:
-  IgnoredMethods:
+  AllowedMethods:
     - control
     - describe
   # Increase from default of `25`

.yamllint

@@ -4,33 +4,6 @@
 # Extend the `default` configuration provided by `yamllint`
 extends: 'default'
 
-# Files to ignore completely
-# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
-# 2. All YAML files under directory `.cache/`, introduced during the CI run
-# 3. All YAML files under directory `.git/`
-# 4. All YAML files under directory `node_modules/`, introduced during the CI run
-# 5. Any SLS files under directory `test/`, which are actually state files
-# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
-# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
-ignore: |
-  .bundle/
-  .cache/
-  .git/
-  node_modules/
-  test/**/states/**/*.sls
-  .kitchen/
-  kitchen.vagrant.yml
-
-yaml-files:
-  # Default settings
-  - '*.yaml'
-  - '*.yml'
-  - .salt-lint
-  - .yamllint
-  # SaltStack Formulas additional settings
-  - '*.example'
-  - test/**/*.sls
-
 rules:
   empty-values:
     forbid-in-block-mappings: true