Lineage pull request for: skeleton #2
Open: cisagovbot wants to merge 116 commits into develop from lineage/skeleton
Conversation
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…s/upload-artifact-3 Bump actions/upload-artifact from 2 to 3
Add ignore directives and an attribution comment to the dependabot configuration. These will be uncommented in descendants of this project (cisagov/skeleton-python-library) so that version changes to these Actions are controlled through this project.
…ttributions Add ignore directives to the dependabot configuration
Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook is intentionally held back to be updated independently to v6.
Update `pre-commit` hooks
Add a security label
Lineage pull request for: skeleton
Retrieve the wheel to a `dist/` sub-directory and get the name of the specific file (wheel) to be installed. Then update the installation step to use this found filename instead of a wildcard.
When installing the wheel that was built in the `build` job we will also install the `test` optional dependencies.
…ncies_in_test-build_gha_job Improve testing dependency installation in the `test-build` job
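The `test-build` flow described in the two commit messages above, written out as an added example; it is not part of this pull request or of the cisagov workflows. The artifact name `dist`, the runner label, the Action versions, the Python version and the final `python -m pytest` step are assumptions. The point it demonstrates is resolving the wheel's exact filename before `pip install` sees the `[test]` extras suffix: an unquoted `dist/*.whl[test]` is parsed by the shell as a glob in which `[test]` is a character class, so the pattern never matches a real file and pip never receives a usable path.

```yaml
# Added example, not the project's workflow. Assumed: the `build` job uploads
# the wheel as an artifact named `dist`; versions and labels are illustrative.
name: build

on:
  pull_request:
  push:

jobs:
  build:
    name: build (Python ${{ matrix.python-version }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
          - "3.11"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      # setuptools and wheel are upgraded alongside pip so that dependencies
      # without a pyproject.toml are built as wheels instead of falling back
      # to the legacy `setup.py install` path.
      - run: python -m pip install --upgrade pip setuptools wheel build
      - run: python -m build --wheel --outdir dist
      - uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist/*.whl

  test-build:
    name: test-build (Python ${{ matrix.python-version }})
    needs:
      - build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version:
          - "3.11"
    steps:
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      - name: Retrieve the wheel built in the build job
        uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist
      - name: Find the wheel file
        id: find-wheel
        shell: bash
        run: |
          # Require exactly one wheel so a stale or extra artifact fails the
          # job here instead of being silently installed below. nullglob makes
          # "no match" an empty array rather than the literal pattern.
          set -o errexit -o nounset -o pipefail
          shopt -s nullglob
          wheels=(dist/*.whl)
          if [ "${#wheels[@]}" -ne 1 ]; then
            echo "expected exactly one wheel in dist/, found ${#wheels[@]}" >&2
            exit 1
          fi
          echo "wheel=${wheels[0]}" >> "$GITHUB_OUTPUT"
      - name: Upgrade pip, setuptools, and wheel
        run: python -m pip install --upgrade pip setuptools wheel
      - name: Install the wheel with its test dependencies
        # Quoted, so the shell passes `[test]` through to pip as an extras
        # marker instead of treating it as a glob character class.
        run: python -m pip install "${{ steps.find-wheel.outputs.wheel }}[test]"
      - name: Run tests against the installed wheel (assumed to use pytest)
        run: python -m pytest
```

Running the tests against the installed wheel rather than the checked-out tree is the reason the job exists: it catches packaging mistakes (files missing from the wheel, extras that do not resolve) that a source-tree test run never sees.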
Sort all pre-`steps` keys alphabetically descending. Sorting all keys alphabetically would be somewhat onerous because the `strategy` key would come after the `steps` key even though it's configuration information. We can at least sort everything but the `steps` key in alphabetically descending order and make the `steps` the last for a job.
Add `name` keys to the `test`, `build`, and `test-build` jobs that are both more descriptive and include the Python version from the job's matrix. This will produce consistent and more helpful job names in the GitHub Actions log in the GitHub web UI.
…s_using_matrix_strategy Improve job names for the `build` workflow in GitHub Actions
Add @jasonodoom as a default codeowner
This is the latest minor release of Python so it makes sense to use it as the default for this job.
…n_for_lint_job Use Python 3.11 for the `lint` job in the `build` workflow
This is done automatically with the `pre-commit autoupdate` command. However the `ansible-lint` hook is manually kept back as we have not tested functionality to confirm that our roles will generally pass with the new version.
Update `pre-commit` hooks
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…s/setup-go-4 Bump actions/setup-go from 3 to 4
When wheel gets installed alongside other packages, it may not get used when those other packages are installed. When that happens I see warnings like this:

    DEPRECATION: ansible-core is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559

This change should get rid of these warnings.

Nota bene: This is the practice we follow in the Dockerfile in cisagov/skeleton-docker, but for some reason we never started using it in our workflows.
…nd-wheel-with-pip Install/upgrade setuptools and wheel when upgrading pip
Lineage pull request for: skeleton
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
This is done automatically with the `pre-commit autoupdate` command.
This mirror was created to leverage performance optimizations from mypyc wheels that are available if black is installed from PyPI. These wheels are not available if black is installed from source as it would be using the old URL. Please see psf/black#3828 and psf/black#3405 for more information.
This action is added in a separate "diagnostics" job. As configured it will never fail, but it will print out the status of the various GitHub components. This information will sometimes be useful when determining why builds fail after the fact. Co-authored-by: Mark Feldhousen <mark.feldhousen@gwe.cisa.dhs.gov> Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Even though the diagnostics job is not currently configured to fail due to the GitHub status, it is still true that if the job is unable to run that does not bode well for the lint job's successful execution. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This can be useful when debugging why a GH Action failed. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This GH Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc. Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This task can only provide coverage for the job that contains it.
We need a reminder to add the step-security/harden-runner action at the top of every job. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Update `pre-commit` hooks
Change the source repository for the `black` hook
Add a job that runs diagnostics
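A workflow shape that follows the diagnostics and harden-runner commit messages above, added here as an illustration rather than taken from the cisagov workflows: `harden-runner` runs first in every job because it only instruments the job that contains it, `diagnostics` is a dependency of the other jobs, and the GitHub status report is written as a plain `run:` step (the project uses an Action for this; the `curl` call against the public Statuspage API behind githubstatus.com is my stand-in). Action versions, the runner label and the contents of the `lint` job are assumptions.

```yaml
# Added example, not the project's workflow. Action versions, the runner label
# and the contents of the lint job are illustrative.
name: build

on:
  pull_request:
  push:

jobs:
  diagnostics:
    name: Run diagnostics
    runs-on: ubuntu-latest
    steps:
      # harden-runner only covers the job that contains it, so it is the first
      # step of every job. Audit mode records outbound connections and
      # overwrites of the checked-out source without failing the job; the
      # findings are reported in the step summary.
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      - name: Report GitHub component status (never fails the job)
        run: |
          # Stand-in for the status Action. `|| true` keeps a status-page
          # outage from masking the real failure this job exists to explain.
          curl --silent --show-error --max-time 10 \
            https://www.githubstatus.com/api/v2/components.json \
            | jq -r '.components[] | "\(.name): \(.status)"' \
            || true
      - name: Dump the GitHub context for later debugging
        env:
          GITHUB_CONTEXT: ${{ toJSON(github) }}
        run: echo "$GITHUB_CONTEXT"

  lint:
    name: Lint sources
    # If diagnostics cannot even run, lint is unlikely to succeed either.
    needs:
      - diagnostics
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
      - run: python -m pip install --upgrade pip setuptools wheel
      - run: python -m pip install pre-commit
      - run: pre-commit run --all-files
```

Audit mode is the observation phase: once the recorded egress for a job is stable, switching that job to `egress-policy: block` with an explicit `allowed-endpoints` list turns an unexpected outbound connection from a compromised Action into a failed step rather than a line in a report.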
Enable the new dependabot ignore directives that were added in cisagov/skeleton-generic.
This updates the remaining declarations to match what was pulled down from cisagov/skeleton-generic.
Ensure the `diagnostics` job is a dependency for the other jobs. This aligns with what was done to the `lint` job in cisagov/skeleton-generic.
This aligns with what was done to the `lint` job of the build.yml workflow that was inherited from cisagov/skeleton-generic.
This bumps the second bandit hook that is used in this project lineage. Since this hook does not exist in the configuration from cisagov/skeleton-generic we must update it here.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
It's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144.
Note that these instances _will not_ be updated via the upstream pull request cisagov/skeleton-generic#154.
⚠️ CONFLICT! Lineage pull request for: skeleton
…for-codeql-workflow Add a diagnostics job to the CodeQL workflow
Add support for Python version 3.12 in build workflow
Add the Actions that are used in the CodeQL workflow as commented out dependencies to ignore in the dependabot configuration. These will be un-commented in downstream repositories so that only cisagov/skeleton-python-library will have dependabot PRs created for these dependencies.
…nore_directives Add new, disabled dependabot ignore directives
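The dependabot ignore directives described in the commit messages above (the disabled ones added in this repository and the skeleton-generic ones enabled here), as an added example rather than the project's own `.github/dependabot.yml`. The Action names are the ones mentioned in this pull request; which repository in the lineage manages each of them, and the update schedule, are assumptions, and the CodeQL workflow's Actions are left as a comment because this page does not name them.

```yaml
# Added example, not the project's dependabot configuration. The Action names
# come from this pull request; their assignment to a managing repository and
# the schedule are illustrative.
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    ignore:
      # Managed upstream in cisagov/skeleton-generic. There the directives are
      # commented out, so only that repository receives dependabot pull
      # requests for these Actions; here they are active, and the version
      # change arrives through a Lineage pull request instead of a second,
      # independently reviewed bump.
      - dependency-name: crazy-max/ghaction-github-labeler
      - dependency-name: step-security/harden-runner
      # Managed here, in cisagov/skeleton-python-library. Descendants of this
      # repository uncomment these in turn, together with the Actions used by
      # the CodeQL workflow.
      # - dependency-name: actions/setup-go
      # - dependency-name: actions/upload-artifact
```

The effect is a single review point per Action version in the whole lineage: a bump is examined once, in the repository that owns the directive, and every descendant receives exactly that reviewed change.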
jsf9k requested changes on Dec 20, 2023:
The issue I brought up in my original review still stands.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.git
Remote branch:
HEAD
Check the changes in this pull request to ensure they won't cause issues with
your project.
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml
📚 Read more about Lineage