Revert .yamllint to match lineage; fix issues flagged by yamllint.

.github/dependabot.yml

@@ -27,40 +27,39 @@ updates:
       interval: 'weekly'
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]
   - package-ecosystem: "npm"
     directory: "/frontend"
     schedule:
       interval: "weekly"
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]
   - package-ecosystem: "npm"
     directory: "/backend"
     schedule:
       interval: "weekly"
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]
   - package-ecosystem: "pip"
     directory: "/backend/worker"
     schedule:
       interval: "weekly"
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]
   - package-ecosystem: 'docker'
     directory: '/'
     schedule:
       interval: 'weekly'
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
       interval: 'weekly'
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-patch","version-update:semver-minor"]
-
+        update-types: ["version-update:semver-patch", "version-update:semver-minor"]

.github/workflows/backend.yml

@@ -185,7 +185,9 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: Run syncdb
-        run: aws lambda invoke --function-name crossfeed-staging-syncdb --region us-east-1 /dev/stdout
+        run: |
+          aws lambda invoke --function-name crossfeed-staging-syncdb \
+          --region us-east-1 /dev/stdout
         working-directory: backend
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -234,7 +236,9 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: Run syncdb
-        run: aws lambda invoke --function-name crossfeed-prod-syncdb --region us-east-1 /dev/stdout
+        run: |
+          aws lambda invoke --function-name crossfeed-prod-syncdb --region us-east-1 \
+          /dev/stdout
         working-directory: backend
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

.github/workflows/codeql.yml

@@ -3,9 +3,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "develop", "production" ]
+    branches: ["develop", "production"]
   pull_request:
-    branches: [ "develop" ]
+    branches: ["develop"]
   schedule:
     - cron: "23 17 * * 6"
 
@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ javascript ]
+        language: [javascript]
 
     steps:
       - name: Checkout

.github/workflows/infrastructure.yml

@@ -24,15 +24,16 @@ defaults:
 jobs:
   format:
     runs-on: ubuntu-latest
+    env:
+      URL: "https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip"
     steps:
       - uses: actions/checkout@v3
-
       - name: Install Terraform
         run: |
-          wget https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip
+          wget $URL
           unzip terraform_1.0.7_linux_amd64.zip
           sudo mv terraform /usr/local/bin
-      
+
       - name: Check format
         run: terraform fmt -recursive -check -diff
 
@@ -46,7 +47,7 @@ jobs:
 
       - name: Install Terraform
         run: |
-          wget https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip
+          wget $URL
           unzip terraform_1.0.7_linux_amd64.zip
           sudo mv terraform /usr/local/bin
 
@@ -71,7 +72,7 @@ jobs:
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      
+
       - if: ${{ always() }}
         run: rm stage.plan || true
 
@@ -85,7 +86,7 @@ jobs:
 
       - name: Install Terraform
         run: |
-          wget https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip
+          wget $URL
           unzip terraform_1.0.7_linux_amd64.zip
           sudo mv terraform /usr/local/bin
 
@@ -113,6 +114,6 @@ jobs:
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      
+
       - if: ${{ always() }}
         run: rm prod.plan || true

.github/workflows/security.yml

@@ -89,4 +89,6 @@ jobs:
           restore-keys: |
             pip-
       - run: pip install safety
-      - run: safety check -r worker/requirements.txt --policy-file ./worker/.safety-policy.yml
+      - run: |
+          safety check -r worker/requirements.txt \
+          --policy-file ./worker/.safety-policy.yml

.yamllint

@@ -12,12 +12,12 @@ rules:
   # default. There are many scenarios where the inline mapping may be a key,
   # hash, or other long value that would exceed the line length but cannot
   # reasonably be broken across lines.
-  line-length: disable
+  line-length:
+    # This rule implies the allow-non-breakable-words rule
+    allow-non-breakable-inline-mappings: true
+    # Allows a 10% overage from the default limit of 80
+    max: 88
 
   # yamllint doesn't like when we use yes and no for true and false,
   # but that's pretty standard in Ansible.
   truthy: disable
-
-  # yamlint doesn't like when we use spaces inside braces
-  # but that's pretty standard.
-  braces: disable

backend/.eslintrc.yml

@@ -1,6 +1,6 @@
 ---
 {
-  "env": { "es6": true, "node": true },
+  "env": {"es6": true, "node": true},
   "parser": "@typescript-eslint/parser",
   "ignorePatterns": ["dist/**"],
   "extends":
@@ -9,13 +9,13 @@
       "plugin:@typescript-eslint/eslint-recommended",
     ],
   "plugins": ["prettier", "@typescript-eslint"],
-  "parserOptions": { "ecmaVersion": 2018, "sourceType": "module" },
+  "parserOptions": {"ecmaVersion": 2018, "sourceType": "module"},
   "rules":
     {
       "prettier/prettier": "error",
       "react/prop-types": 0,
       "react/display-name": 0,
     },
-  "settings": { "react": { "version": "detect" } },
-  "globals": { "Atomics": "readonly", "SharedArrayBuffer": "readonly" },
+  "settings": {"react": {"version": "detect"}},
+  "globals": {"Atomics": "readonly", "SharedArrayBuffer": "readonly"},
 }

backend/src/api/functions.yml

@@ -7,7 +7,8 @@ api:
         method: ANY
         cors: true
     - http:
-        path: /{any+}  # this matches any path, the token 'any' doesn't mean anything special
+        # this matches any path, the token 'any' doesn't mean anything special
+        path: /{any+}
         method: ANY
         cors: true
   # provisionedConcurrency: 1

backend/worker/.safety-policy.yml

@@ -1,15 +1,32 @@
 ---
 # Safety Security and License Configuration file
-# We recommend checking this file into your source control in the root of your Python project
-# If this file is named .safety-policy.yml and is in the same directory where you run `safety check` it will be used by default.
-# Otherwise, you can use the flag `safety check --policy-file <path-to-this-file>` to specify a custom location and name for the file.
-# To validate and review your policy file, run the validate command: `safety validate policy_file --path <path-to-this-file>`
+# We recommend checking this file into your source control in the root of your Python
+# project
+# If this file is named .safety-policy.yml and is in the same directory where you run
+# `safety check` it will be used by default.
+# Otherwise, you can use the flag `safety check --policy-file <path-to-this-file>` to
+# specify a custom location and name for the file.
+# To validate and review your policy file, run the validate command: `safety validate
+# policy_file --path <path-to-this-file>`
+# A severity number between 0 and 10. Some helpful reference points: 9=ignore all
+# vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except
+# CRITICAL & HIGH severity. 4=ignore all vulnerabilities except CRITICAL, HIGH &
+# MEDIUM severity.
 security:  # configuration for the `safety check` command
-  ignore-cvss-severity-below: 0  # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL & HIGH severity. 4=ignore all vulnerabilities except CRITICAL, HIGH & MEDIUM severity.
-  ignore-cvss-unknown-severity: False  # True or False. We recommend you set this to False.
-  ignore-vulnerabilities:  # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period)
-    # We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore.
+  ignore-cvss-severity-below: 0
+  # True or False. We recommend you set this to False.
+  ignore-cvss-unknown-severity: False
+  # Here you can list multiple specific vulnerabilities you want to ignore
+  # (optionally for a time period)
+  ignore-vulnerabilities:
+    # We recommend making use of the optional `reason` and `expires` keys for each
+    # vulnerability that you ignore.
     54672:  # Vulnerability found in scrapy version >= 0.7
-      reason: No fix currently available  # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports
+      # optional, for internal note purposes to communicate with your team.
+      # This reason will be reported in the Safety reports
+      reason: No fix currently available
       expires: '2024-06-01'  # We will revisit for a fix in 6 months.
-  continue-on-vulnerability-error: False  # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities. We recommend you set this to False.
+  # Suppress non-zero exit codes when vulnerabilities are found. Enable this in
+  # pipelines and CI/CD processes if you want to pass builds that have vulnerabilities.
+  # We recommend you set this to False.
+  continue-on-vulnerability-error: False

frontend/.eslintrc.yml

@@ -1,6 +1,6 @@
 ---
 {
-  'env': { 'browser': true, 'es6': true, 'node': true },
+  'env': {'browser': true, 'es6': true, 'node': true},
   'parser': '@typescript-eslint/parser',
   'extends':
     [
@@ -12,7 +12,7 @@
   'plugins': ['react', 'react-hooks', 'prettier', '@typescript-eslint'],
   'parserOptions':
     {
-      'ecmaFeatures': { 'jsx': true },
+      'ecmaFeatures': {'jsx': true},
       'ecmaVersion': 2018,
       'sourceType': 'module'
     },
@@ -22,6 +22,6 @@
       'react/prop-types': 0,
       'react/display-name': 0
     },
-  'settings': { 'react': { 'version': 'detect' } },
-  'globals': { 'Atomics': 'readonly', 'SharedArrayBuffer': 'readonly' }
+  'settings': {'react': {'version': 'detect'}},
+  'globals': {'Atomics': 'readonly', 'SharedArrayBuffer': 'readonly'}
 }

frontend/serverless.yml

@@ -46,7 +46,8 @@ functions:
           path: /  # this matches the base path
           method: GET
       - http:
-          path: /{any+}  # this matches any path, the token 'any' doesn't mean anything special
+          # this matches any path, the token 'any' doesn't mean anything special
+          path: /{any+}
           method: GET
     # provisionedConcurrency: 1
   docs: