Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #838

Merged
merged 30 commits into from
Nov 21, 2024
Merged
Changes from 7 commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
942c0dc
Add a new trigger for the sync-labels GitHub Actions workflow
mcdonnnj Aug 13, 2024
a267662
Remove unnecessary quotes in the sync-labels workflow
mcdonnnj Aug 13, 2024
dc7f09e
Add four new hooks from pre-commit/pre-commit-hooks
mcdonnnj Sep 14, 2024
343d2cc
Add the GitHubSecurityLab/actions-permissions/monitor Action
mcdonnnj Oct 28, 2024
8a77a8b
Restrict permissions of GITHUB_TOKEN
mcdonnnj Oct 28, 2024
3b1d4ef
Update pre-commit hook versions
mcdonnnj Oct 16, 2024
1d285f2
Sort hook ids in each pre-commit hook entry
mcdonnnj Oct 29, 2024
5da1059
Merge pull request #189 from cisagov/improvement/manually_run_sync-la…
mcdonnnj Oct 30, 2024
ff221ba
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
mcdonnnj Oct 30, 2024
971602a
Merge pull request #191 from cisagov/improvement/github_tokenn_polp
mcdonnnj Oct 30, 2024
bdf8a25
Merge pull request #192 from cisagov/maintenance/update_pre-commit_hooks
mcdonnnj Oct 30, 2024
6959971
Merge pull request #193 from cisagov/improvement/add_more_pre-commit_…
mcdonnnj Oct 30, 2024
f517db7
Merge pull request #194 from cisagov/improvement/ensure_pre-commit_ho…
mcdonnnj Oct 30, 2024
8824475
Update the commented out dependabot ignore directives
mcdonnnj Nov 1, 2024
e6afb68
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
mcdonnnj Nov 1, 2024
d1768d7
Merge github.com:cisagov/skeleton-generic into lineage/skeleton
mcdonnnj Nov 5, 2024
2a90bd7
Enable new dependabot ignore directives
mcdonnnj Nov 5, 2024
37ab2e4
Add Actions permissions analysis to the `CodeQL` workflow
mcdonnnj Nov 5, 2024
8c8e75e
Bump crazy-max/ghaction-github-status from v3 to v4
mcdonnnj Nov 5, 2024
12a91ad
Bump up the lower bound on ansible-core
jsf9k Nov 8, 2024
b9f798d
Update the version of the ansible-lint pre-commit hook
jsf9k Nov 13, 2024
45b05d8
Ensure files with shebangs are executable
mcdonnnj Nov 13, 2024
cca133a
Adjust pin for ansible-core
jsf9k Nov 14, 2024
0b58650
Bump up the lower bounds on ansible and ansible-core
dav3r Nov 19, 2024
d8b5718
Ignore a particular ansible-core vulnerability
dav3r Nov 19, 2024
bd85261
Add comments about looming EOL issues for ansible and ansible-core
jsf9k Nov 20, 2024
f7ccd9a
Merge pull request #196 from cisagov/improvement/add-a-lower-bound-pi…
jsf9k Nov 20, 2024
a794735
Merge pull request #197 from cisagov/improvement/upgrade-ansible-lint…
jsf9k Nov 20, 2024
465040e
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
Nov 20, 2024
9789fb3
Resolve conflicts from follow-on Lineage changes
jsf9k Nov 20, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 20 additions & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -175,7 +175,7 @@ repos:

# Ansible hooks
- repo: https://github.com/ansible/ansible-lint
rev: v24.9.2
rev: v24.10.0
hooks:
- id: ansible-lint
additional_dependencies:
@@ -191,17 +191,36 @@ repos:
# hook identifies a vulnerability in ansible-core 2.16.13,
# but all versions of ansible 9 have a dependency on
# ~=2.16.X.
<<<<<<< HEAD
=======
#
# It is also a good idea to go ahead and upgrade to version
# 10 since version 9 is going EOL at the end of November:
# https://endoflife.date/ansible
>>>>>>> a7947357cfeee58bc121243a2c76c5bbdc064e35
# - ansible>=10,<11
# ansible-core 2.16.3 through 2.16.6 suffer from the bug
# discussed in ansible/ansible#82702, which breaks any
# symlinked files in vars, tasks, etc. for any Ansible role
# installed via ansible-galaxy. Hence we never want to
# install those versions.
#
<<<<<<< HEAD
# Note that the pip-audit pre-commit hook identifies a vulnerability
# in ansible-core 2.16.13. Normally we would pin ansible-core
# accordingly (>2.16.13), but the above pin of ansible>=10 effectively
# pins ansible-core to >=2.17 so that's what we do here.
=======
# Note that the pip-audit pre-commit hook identifies a
# vulnerability in ansible-core 2.16.13. The pin of
# ansible-core to >=2.17 effectively also pins ansible to
# >=10.
#
# It is also a good idea to go ahead and upgrade to
# ansible-core 2.17 since security support for ansible-core
# 2.16 ends this month:
# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
>>>>>>> a7947357cfeee58bc121243a2c76c5bbdc064e35
#
# Note that any changes made to this dependency must also be
# made in requirements.txt in cisagov/skeleton-packer and