This repository has been archived by the owner on Feb 6, 2024. It is now read-only.
⚠️ CONFLICT! Lineage pull request for: skeleton #15
Draft
cisagovbot
wants to merge
168
commits into
develop
Choose a base branch
from
lineage/skeleton
base: develop
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Additionally as of v3.1.0 of actions/setup-go there is a go-version output value to retrieve the version of Go installed by the Action. This allows us to remove the step to manually retrieve this information from the Go executable.
Go 1.16 is no longer supported as of the release of 1.18 so it makes sense to update to the latest version available.
Go 1.19 was released while this branch was in the wings and it makes sense to bump to the latest Go release.
Update Go installation in the `build.yml` workflow
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 1 to 2. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@v1...v2) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…orp/setup-terraform-2 Bump hashicorp/setup-terraform from 1 to 2
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…s/setup-python-4 Bump actions/setup-python from 3 to 4
Add a comment that states that the commented out ignore directives are managed by cisagov/skeleton-generic.
This adds the other versioned Actions that should be managed by cisagov/skeleton-generic to the list of commented out dependencies to ignore.
…nores Update Dependabot ignore directives
GitHub has deprecated the set-output command per: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ This updates the GitHub Actions workflow to use the newly preferred method to set the output for a job's step.
Remove usage of `set-output` from our GitHub Actions workflow
Increase the line length maximum from the default of 80 to 88. This 10% increase mirrors the line length allowed in other linter configurations such as black.
…-length_rules Update the `line-length` configuration for `yamllint`
Per PyCQA/flake8#1290 this hook moved from GitLab to GitHub. The version we use is bumped to the latest tag on GitHub as well.
Update the `flake8` pre-commit hook configuration
Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook is intentionally held back due to issues with upgrading to v6.
Update pre-commit hooks
This configuration file stores information about the labels expected in this repository.
This adds a workflow to ensure that the repository labels are updated to reflect changes to the label configuration file .github/labels.yml.
Add workflow to manage repository labels
Update the configuration for repository labels to remove the leading `#` from color values. With a `#` leading the values they are seen as invalid by the GitHub API.
There was a missing empty line in the `.yamllint` file between two rule definitions.
Update two configuration files
There is no Python 3.6 on Ubuntu 22.04 release available from actions/python-versions. Since Ubuntu 22.04 is what is being used for the `ubuntu-latest` tag we need to pin Python 3.6 testing to use the old `ubuntu-20.04` tag.
Pin Python 3.6 testing to Ubuntu 20.04
…s/checkout-4 Bump actions/checkout from 3 to 4
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
This is done automatically with the `pre-commit autoupdate` command.
This mirror was created to leverage performance optimizations from mypyc wheels that are available if black is installed from PyPI. These wheels are not available if black is installed from source as it would be using the old URL. Please see psf/black#3828 and psf/black#3405 for more information.
This action is added in a separate "diagnostics" job. As configured it will never fail, but it will print out the status of the various GitHub components. This information will sometimes be useful when determining why builds fail after the fact. Co-authored-by: Mark Feldhousen <mark.feldhousen@gwe.cisa.dhs.gov> Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Even though the diagnostics job is not currently configured to fail due to the GitHub status, it is still true that if the job is unable to run that does not bode well for the lint job's successful execution. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This can be useful when debugging why a GH Action failed. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This GH Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This task can only provide coverage for the job that contains it.
We need a reminder add the step-security/harden-runner action at the top of every job. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Update `pre-commit` hooks
Change the source repository for the `black` hook
Add a job that runs diagnostics
Enable the new dependabot ignore directives that were added in cisagov/skeleton-generic.
This updates the remaining declarations to match what was pulled down from cisagov/skeleton-generic.
Ensure the `diagnostics` job is a dependency for the other jobs. This aligns with what was done to the `lint` job in cisagov/skeleton-generic.
This aligns with what was done to the `lint` job of the build.yml workflow that was inherited from cisagov/skeleton-generic.
This bumps the second bandit hook that is used in this project lineage. Since this hook does not exist in the configuration from cisagov/skeleton-generic we must update it here.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
It's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144.
Note that these instances _will not_ be updated via the upstream pull request cisagov/skeleton-generic#154.
⚠️ CONFLICT! Lineage pull request for: skeleton
…for-codeql-workflow Add a diagnostics job to the CodeQL workflow
Add support for Python version 3.12 in build workflow
Add the Actions that are used in the CodeQL workflow as commented out dependencies to ignore in the dependabot configuration. These will be un-commented in downstream repositories so that only cisagov/skeleton-python-library will have dependabot PRs created for these dependencies.
…nore_directives Add new, disabled dependabot ignore directives
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.git
Remote branch:
HEAD
Check the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeleton
branch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
status
command. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
add
your changes to thebranch,
commit
, andpush
your changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Check the "Everything is cool" checkbox below:
Mark this draft pull request "Ready for review".
Note: You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml
📚 Read more about Lineage