Modernize the project #41
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add Python Version Missing from actions/cache Key
⚠️ CONFLICT! Lineage pull request for: skeleton
Make sure all actions/cache steps are in-line with the changes made to the lint job's step.
Lineage pull request for: skeleton
⚠️ CONFLICT! Lineage pull request for: skeleton
Our other skeletons have this file, even if they are not Python projects. The directions in CONTRIBUTING.md reference such a file, which can be misleading. Rather than amending the CONTRIBUTING documentation, I feel it's better to align with our other skeletons for consistency.
Lineage pull request for: skeleton
Correct the Agency Name for Docker Images
Add a requirements-dev.txt pip Requirements File
I noticed the following warning when looking at GHA workflow runs: 1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results. After looking into it I updated the workflow per this page on GitHub Docs: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow#warning-git-checkout-head2-is-no-longer-necessary
Update CodeQL Workflow for GitHub Actions
* Duplicates DockerHub tags for ghcr.io * Adds login to GitHub Container Registry using the GITHUB_TOKEN secret. * Documentation update to reflect multi-registry publication.
Co-authored-by: Nick M. <[email protected]>
* Add instructions for cross-platform builds * Clean up shields * Clean up tables for each Docker configuration item * Add section about supported tags
This should resolve the following error: Error: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.
Co-authored-by: Hillary <[email protected]>
Co-authored-by: Hillary <[email protected]>
Co-authored-by: Hillary <[email protected]>
Co-authored-by: Hillary <[email protected]>
Co-authored-by: Hillary <[email protected]>
This ensures expected behavior by running the file as a Python script instead of executing the file and allowing bash to resolve how it runs.
Makes sure that the pip, pipenv, and setuptools packages installed are the latest version.
Update the dependencies installed in the Python virtual environment by running `pipenv lock` in the `src/` directory.
Remove unnecessary capitalization and fix a typo in a package name. Co-authored-by: dav3r <[email protected]>
…ation Update the image configuration
This fork includes changes that we need but are not present in the upstream project at this time. The version specification for the llnl-scraper package is updated in the Pipfile and the configuration is re-locked to update the lockfile.
Bump from 0.38.4 to 0.40.0.
…lnl-scraper Use `cisagov/scraper` instead of `llnl-scraper` from PyPI
mcdonnnj
added
documentation
|
You have successfully added a new CodeQL configuration |
jsf9k
approved these changes
Mar 17, 2023
This was referenced Mar 17, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🗣 Description
This pull request modernizes the configuration of this project and updates its parent repo from cisagov/skeleton-generic to cisagov/skeleton-docker.
💭 Motivation and context
Important reasons to update this project include:
The driving reason for updating this project however is that we need an image built with a newer version of boto3 to support using this image on an EC2 instances using IMDSv2 for IAM access.
This particular pull request is a collective including the following individual changes:
cisagov/skeleton-generictocisagov/skeleton-docker#30cisagov/skeleton-docker#35docker-compose.override.ymlfile #36cisagov/scraperinstead ofllnl-scraperfrom PyPI #40🧪 Testing
Automated tests pass. I have verified that I am able to generate a "good"
code.jsonwith the current pre-release version.✅ Pre-approval checklist
to reflect the changes in this PR.
✅ Pre-merge checklist
✅ Post-merge checklist