-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lineage pull request for: skeleton #3
Open
cisagovbot
wants to merge
85
commits into
develop
Choose a base branch
from
lineage/skeleton
base: develop
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
The golang/lint tool was archived on May 9th, 2021 and based on golang/go#38968 no future work is planned. Coupled with the fact that it is not available from brew we are removing this hook as local development may be hindered by trying to satisfy running this hook. Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov> Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>
This is done automatically with the `pre-commit autoupdate` command.
The cache key used relies on the existence of a go.sum file. Since we have no expectation for Go source code, including that file, and since we already include the Go cache in our job caching, we can safely disable caching in the Action.
Bump the version of Go used in our GitHub Actions configuration to the latest stable Go release.
Add Go hooks
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
This is done automatically with the `pre-commit autoupdate` command.
This mirror was created to leverage performance optimizations from mypyc wheels that are available if black is installed from PyPI. These wheels are not available if black is installed from source as it would be using the old URL. Please see psf/black#3828 and psf/black#3405 for more information.
This action is added in a separate "diagnostics" job. As configured it will never fail, but it will print out the status of the various GitHub components. This information will sometimes be useful when determining why builds fail after the fact. Co-authored-by: Mark Feldhousen <mark.feldhousen@gwe.cisa.dhs.gov> Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Even though the diagnostics job is not currently configured to fail due to the GitHub status, it is still true that if the job is unable to run that does not bode well for the lint job's successful execution. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This can be useful when debugging why a GH Action failed. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This GH Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This task can only provide coverage for the job that contains it.
We need a reminder add the step-security/harden-runner action at the top of every job. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Update `pre-commit` hooks
Change the source repository for the `black` hook
Add a job that runs diagnostics
Enable the new dependabot ignore directives that were added in cisagov/skeleton-generic.
This updates the remaining declarations to match what was pulled down from cisagov/skeleton-generic.
Ensure the `diagnostics` job is a dependency for the other jobs. This aligns with what was done to the `lint` job in cisagov/skeleton-generic.
This aligns with what was done to the `lint` job of the build.yml workflow that was inherited from cisagov/skeleton-generic.
This bumps the second bandit hook that is used in this project lineage. Since this hook does not exist in the configuration from cisagov/skeleton-generic we must update it here.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
It's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144.
Note that these instances _will not_ be updated via the upstream pull request cisagov/skeleton-generic#154.
⚠️ CONFLICT! Lineage pull request for: skeleton
…for-codeql-workflow Add a diagnostics job to the CodeQL workflow
Add support for Python version 3.12 in build workflow
Add the Actions that are used in the CodeQL workflow as commented out dependencies to ignore in the dependabot configuration. These will be un-commented in downstream repositories so that only cisagov/skeleton-python-library will have dependabot PRs created for these dependencies.
…nore_directives Add new, disabled dependabot ignore directives
…/skeleton # Conflicts: # .github/dependabot.yml
Pull Request Test Coverage Report for Build 7268730716
💛 - Coveralls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.git
Remote branch:
HEAD
Check the changes in this pull request to ensure they won't cause issues with
your project.
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.sh
script if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml
📚 Read more about Lineage