Skip to content
This repository has been archived by the owner on Feb 26, 2025. It is now read-only.

⚠️ CONFLICT! Lineage pull request for: skeleton #9

Draft
wants to merge 567 commits into
base: develop
Choose a base branch
from
Draft

⚠️ CONFLICT! Lineage pull request for: skeleton #9

wants to merge 567 commits into from

Conversation

cisagovbot
Copy link

Lineage Pull Request: CONFLICT

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-python-library.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/rva-reporting-engine-python.git rva-reporting-engine-python
cd rva-reporting-engine-python
git remote add skeleton https://github.com/cisagov/skeleton-python-library.git
git remote set-url --push skeleton no_push
git switch develop
git checkout -b lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/lineage.yml setup.py 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Check the "Everything is cool" checkbox below:

    • ✌️ The conflicts in this pull request have been resolved.

  7. Mark this draft pull request "Ready for review".

Note: You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Jun 2, 2022
mcdonnnj and others added 25 commits July 13, 2023 22:30
@mcdonnnj
Remove unnecessary quotes in the dependabot configuration
d311825 
We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value.
@mcdonnnj
Sort the keys in the Dependabot configuration
2294d49 
Our standard practice for YAML files is to sort keys alphabetically.
@jsf9k @dv4harr10
Delete duplicate word "are"
e678502 
Co-authored-by: David Harris <[email protected]>
@jasonodoom @mcdonnnj
Fix gosec stylization
948ebde 
Co-authored-by: Nick <[email protected]>
@jsf9k
Revert "Temporarily use a different branch of cisagov/setup-env-githu…
98d3d3f 
…b-action"

This reverts commit ddbf6f7.

This can be done now that cisagov/setup-env-github-action#65 has been
merged.
@jasonodoom
Add nixfmt pre-commit hook
82db36a
@dependabot
Bump actions/checkout from 3 to 4
c0b5d5b 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@mcdonnnj
Bump crazy-max/ghaction-github-labeler from 4 to 5
b04654e
@mcdonnnj
Update the dependabot ignore configuration
49ac8c5 
Add crazy-max/ghaction-github-labeler as a commented out dependency to
ignore in the dependabot configuration file. This should be enabled in
downstream projects to consolidate updating this Action to the
cisagov/skeleton-generic repository.
@mcdonnnj
Merge pull request #138 from cisagov/add-go-packages
4ec50ab 
Add go packages for pre-commit
@mcdonnnj
Merge pull request #139 from cisagov/improvement/use-correct-repo-name
8145a93 
Use the correct repo name for the ansible-lint pre-commit hook
@mcdonnnj
Merge pull request #140 from cisagov/improvement/update_dependabot_co…
ce74358 
…nfiguration

Update the Dependabot configuration
@mcdonnnj
Merge pull request #141 from cisagov/documentation/grammar
338e3e1 
Delete duplicate word "are"
@mcdonnnj
Merge pull request #143 from cisagov/add-nixfmt
8432f1e 
Add nixfmt pre-commit hook
@mcdonnnj
Merge pull request #145 from cisagov/dependabot/github_actions/action…
8cdbc7b 
…s/checkout-4

Bump actions/checkout from 3 to 4
@mcdonnnj
Merge pull request #146 from cisagov/improvement/update_labeler_action
ca49bea 
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
@mcdonnnj
Update pre-commit hook versions
94d753d 
This is done automatically with the `pre-commit autoupdate` command.
@mcdonnnj
Switch to the pre-commit mirror for black
1bc2056 
This mirror was created to leverage performance optimizations from
mypyc wheels that are available if black is installed from PyPI. These
wheels are not available if black is installed from source as it would
be using the old URL. Please see psf/black#3828 and psf/black#3405 for
more information.
@jsf9k @felddy @mcdonnnj
Add the crazy-max/ghaction-github-status GitHub action
a62ebe7 
This action is added in a separate "diagnostics" job.  As configured
it will never fail, but it will print out the status of the various
GitHub components.  This information will sometimes be useful when
determining why builds fail after the fact.

Co-authored-by: Mark Feldhousen <[email protected]>
Co-authored-by: Nick <[email protected]>
@jsf9k @mcdonnnj
Make the lint job depend on the diagnostics job
3619c45 
Even though the diagnostics job is not currently configured to fail
due to the GitHub status, it is still true that if the job is unable
to run that does not bode well for the lint job's successful
execution.

Co-authored-by: Nick <[email protected]>
@jsf9k @felddy @mcdonnnj
Add a GH Action to dump the context
f437066 
This can be useful when debugging why a GH Action failed.

Co-authored-by: felddy <[email protected]>
@jsf9k @mcdonnnj
Give the diagnostics job a descriptive name
c5e56a2
@jsf9k @felddy @mcdonnnj
Add the step-security/harden-runner GH Action
9afb516 
This GH Action is being configured to run in audit mode.  It should
warn us if an Action is reaching out to an unexpected web address,
overwriting source code, etc.

Co-authored-by: felddy <[email protected]>
@jsf9k @mcdonnnj
Add a harden-runner task to the lint job as well
9dc773c 
This task can only provide coverage for the job that contains it.
@jsf9k @mcdonnnj
Add a reminder
bb81ec3 
We need a reminder add the step-security/harden-runner action at the
top of every job.

Co-authored-by: Nick <[email protected]>
jsf9k and others added 22 commits October 31, 2024 13:35
@jsf9k
Remove needless shebang
efb9279
@jsf9k
Remove repeated comment
59756cc
@mcdonnnj
Update the commented out dependabot ignore directives
8824475 
Add a directive for hashicorp/setup-packer that was missed when it was
added to the `build` workflow. Add a directive for
cisagov/setup-env-github-action that is not strictly necessary since we
currently just pull from the `develop` branch, but is good to have in
case we were to change that in the future.
@mcdonnnj
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
e6afb68 
Add missing dependabot ignore directives
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
7a07800 
# Conflicts:
#	.github/dependabot.yml
@jsf9k
Resolve conflict from follow-on Lineage update
34b8efe
@jsf9k
Uncomment new Dependabot directives from upstream
3ef4f2f
@jsf9k
Bump up the lower bound on ansible-core
12a91ad 
This is being done because the pip-audit pre-commit hook identifies a
vulnerability in ansible-core version 2.16.13.  Note that this
requires that we bump up ansible to version 10 since all versions of
ansible 9 have a dependency on ~=2.16.X.
@jsf9k
Update the version of the ansible-lint pre-commit hook
b9f798d 
Version 24.10.0 is the first version that supports Fedora 41 as a
valid platform.
@jsf9k @mcdonnnj
Adjust pin for ansible-core
cca133a 
The pin of ansible-core was originally put in place because the
pip-audit pre-commit hook identifies a vulnerability in ansible-core
2.16.13.  Normally we would pin ansible-core to >2.16.13, but in the
spirit of the earlier, optional pin of ansible>=10 we pin ansible-core
to >=2.17.  This effectively also pins ansible to >=10.

Co-authored-by: Nick M <[email protected]>
@jsf9k @mcdonnnj
Add comments about looming EOL issues for ansible and ansible-core
bd85261 
This adds even more evidence for why it is a good idea to go ahead and
upgrade ansible and ansible-core, in addition to the vulnerability
that pip-audit turned up.

Co-authored-by: Nick M <[email protected]>
@jsf9k
Merge pull request #196 from cisagov/improvement/add-a-lower-bound-pi…
f7ccd9a 
…n-for-ansible-core

Bump up the lower bound on `ansible-core`
@jsf9k
Merge pull request #197 from cisagov/improvement/upgrade-ansible-lint…
a794735 
…-pre-commit-hook-version

Update the version of the `ansible-lint` `pre-commit` hook
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
87f15d4
@jsf9k
Merge pull request #144 from cisagov/improvement/remove-python-3.7
adbf9e4 
Remove support for Python 3.7 and 3.8
@jsf9k
Merge pull request #138 from cisagov/improvement/add-flag-to-mypy
8d93493 
Add the `--non-interactive` flag when installing type stubs via `mypy`
@jsf9k
Merge pull request #139 from cisagov/improvement/pytest-config
0989965 
Improve pytest configuration
@jsf9k
Merge pull request #140 from cisagov/lineage/skeleton
00fd1d8 
⚠️ CONFLICT! Lineage pull request for: skeleton
@jsf9k
Merge pull request #141 from cisagov/improvement/add-dev-dependencies
a5650c2 
Add `dev` dependencies section
@jsf9k
Merge pull request #142 from cisagov/improvement/remove-some-unnecess…
42cab98 
…ary-pins

Remove two unnecessary pins
@jsf9k
Merge pull request #143 from cisagov/improvement/support-python-13
0da26c3 
Support Python 3.13
Merge https://github.com/cisagov/skeleton-python-library into lineage…
05887d3 
…/skeleton
@jsf9k jsf9k added the github_actions Pull requests that update Github_actions code label Feb 5, 2025
@jsf9k jsf9k removed their assignment Feb 5, 2025
jsf9k and others added 3 commits February 7, 2025 10:52
@jsf9k
Upgrade GH Action in CodeQL workflow
72532d1 
We are using crazy-max/ghaction-github-status@v4 in our other
workflows, so we should use it here too.
@jsf9k
Merge pull request #146 from cisagov/improvement/update-version-of-gh…
dfb0f1f 
…-action

Upgrade GH Action in CodeQL workflow
Merge https://github.com/cisagov/skeleton-python-library into lineage…
1dc4093 
…/skeleton
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dav3r dav3r Awaiting requested review from dav3r dav3r will be requested when the pull request is marked ready for review dav3r is a code owner

@felddy felddy Awaiting requested review from felddy felddy will be requested when the pull request is marked ready for review felddy is a code owner

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k will be requested when the pull request is marked ready for review jsf9k is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj will be requested when the pull request is marked ready for review mcdonnnj is a code owner

Assignees
No one assigned
Labels
github_actions Pull requests that update Github_actions code upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@cisagovbot @felddy @jsf9k @dav3r @mcdonnnj @jasonodoom @michaelsaki