This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
⚠️ CONFLICT! Lineage pull request for: skeleton #283
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add @jasonodoom as a default codeowner
This is the latest minor release of Python so it makes sense to use it as the default for this job.
…n_for_lint_job Use Python 3.11 for the `lint` job in the `build` workflow
This is done automatically with the `pre-commit autoupdate` command. However the `ansible-lint` hook is manually kept back as we have not tested functionality to confirm that our roles will generally pass with the new version.
Update `pre-commit` hooks
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…s/setup-go-4 Bump actions/setup-go from 3 to 4
When wheel gets installed alongside other packages, it may not get used when those other packages are installed. When that happens I see warnings like this: DEPRECATION: ansible-core is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559 This change should get rid of these warnings. Nota bene: This is the practice we follow in the Dockerfile in cisagov/skeleton-docker, but for some reason we never started using it in our workflows.
…nd-wheel-with-pip Install/upgrade setuptools and wheel when upgrading pip
Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
The golang/lint tool was archived on May 9th, 2021 and based on golang/go#38968 no future work is planned. Coupled with the fact that it is not available from brew we are removing this hook as local development may be hindered by trying to satisfy running this hook. Co-authored-by: Shane Frasier <[email protected]> Co-authored-by: dav3r <[email protected]>
This is done automatically with the `pre-commit autoupdate` command.
The cache key used relies on the existence of a go.sum file. Since we have no expectation for Go source code, including that file, and since we already include the Go cache in our job caching, we can safely disable caching in the Action.
Bump the version of Go used in our GitHub Actions configuration to the latest stable Go release.
Enable the new dependabot ignore directives that were added in cisagov/skeleton-generic.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
Our standard practice for YAML files is to sort keys alphabetically. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
This updates the remaining declarations to match what was pulled down from cisagov/skeleton-generic.
Add the `diagnostics` job as a dependency for the other jobs. Reformat the dependencies for those jobs to match the formatting of the `lint` job. This aligns with what was pulled down from cisagov/skeleton-generic.
Ensure that top-level keys except for `steps` are alphabetically sorted.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
This aligns with what was done to the `lint` job of the build.yml workflow that was inherited from cisagov/skeleton-generic.
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value. This mirrors what was done to the configurations inherited from cisagov/skeleton-generic.
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps python from 3.11.4-alpine to 3.12.0-alpine. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
It's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144.
⚠️ CONFLICT! Lineage pull request for: skeleton
…alpine Bump python from 3.11.4-alpine to 3.12.0-alpine
…for-codeql-workflow Add a diagnostics job to the CodeQL workflow
Modify comment referencing "stopped" parameter
…_script Enhance the functionality of the `bump_version.sh` script
…/login-action-3 Bump docker/login-action from 2 to 3
…/setup-buildx-action-3 Bump docker/setup-buildx-action from 2 to 3
…/setup-qemu-action-3 Bump docker/setup-qemu-action from 2 to 3
# Conflicts: # .github/dependabot.yml # Dockerfile
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v6...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
There is currently a potential incompatibility with the default behavior of the version of buildx being used. A default image generated is built with provenance, which is something we would like to have, but these default images can run on neither Google Cloud Run nor AWS Lambda. Please see docker/buildx#1533 for mroe information. Since we want to retain support for creating AWS Lambda images we add a commented out disabling of this functionality that can be enabled in a downstream repository if needed.
…s/github-script-7 Bump actions/github-script from 6 to 7
…/build-push-action-5 Bump docker/build-push-action from 4 to 5
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-docker.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage