Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Image Dependencies #25

Merged
merged 59 commits into from
Jun 22, 2022
Merged

Update Image Dependencies #25

merged 59 commits into from
Jun 22, 2022

Conversation

mcdonnnj
Copy link
Member

@mcdonnnj mcdonnnj commented Oct 6, 2021

🗣 Description

This PR bumps the dependencies used for this Docker image.

💭 Motivation and context

Some of these packages are out-of-date and we were using an older Python image version.

🧪 Testing

Automated tests pass successfully. A local testing image was able to perform as expected.

✅ Checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

@mcdonnnj mcdonnnj added the dependencies Pull requests that update a dependency file label Oct 6, 2021
@mcdonnnj mcdonnnj self-assigned this Oct 6, 2021
dav3r
dav3r approved these changes Oct 7, 2021
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@mcdonnnj mcdonnnj added the hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation label Oct 15, 2021
mcdonnnj and others added 11 commits February 23, 2022 20:11
@mcdonnnj
Update pre-commit hooks
ad71ef3 
Update pre-commit hooks using `pre-commit autoupdate`.
@mcdonnnj
Add comment to Dependabot configuration
a05b45a 
This comment explains that the configuration may have commented out
ignore directives that should be uncommented in downstream projects.
@mcdonnnj
Disable comments-indentation rule for yamllint
77b20ab 
yamllint does not like it when you comment out pieces of dictionaries
in lists. Upcoming additions to the Dependabot configuration will run
afoul of this so we are updating the yamllint configuration.
@mcdonnnj
Merge pull request #99 from cisagov/improvement/update_dependabot_and…
d712690 
…_yamllint_configurations

Add boilerplate for upcoming Dependabot configuration changes
@mcdonnnj
Merge branch 'develop' into maintenance/update_pre-commit_hooks
3303e46
@mcdonnnj
Merge pull request #98 from cisagov/maintenance/update_pre-commit_hooks
d0817e2 
Update pre-commit hooks
@mcdonnnj
Use asterisks for emphasis- and strong-styles
706bded 
Given the inconsistent behavior of underscores used within words for
style we should prefer asterisks now that these rules are available.
@mcdonnnj
Add missing hyphen in markdownlint rule header
7868a35
@mcdonnnj
Merge pull request #100 from cisagov/improvement/update_markdownlint_…
6978f2a 
…configuration

Use new `markdownlint` rules for emphasis- and strong-styles
@dependabot
Bump actions/setup-python from 2 to 3
4ee1bfd 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/checkout from 2 to 3
3406c2d 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@mcdonnnj mcdonnnj force-pushed the maintenance/update_image_dependencies branch from 26397be to bcd493e Compare March 21, 2022 17:57
mcdonnnj and others added 10 commits March 28, 2022 16:19
@mcdonnnj
Update pre-commit hooks
9a03808 
Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook
is intentionally held back due to issues with upgrading to v6.
@mcdonnnj
Add Dependabot ignore directives
511a37c 
This adds commented out ignore directives for the following GitHub
Actions:

- action/cache
- action/checkout
- action/setup-python

These should be uncommented downstream to ensure that updates to these
dependencies are pushed from pull requests made in the skeleton.
@mcdonnnj
Upgrade from Python 3.9 to 3.10 for the lint job in GHA
5839926
@mcdonnnj
Use consistent quoting for software versions
e22c12c
@mcdonnnj
Merge pull request #101 from cisagov/dependabot/github_actions/action…
a3f12f4 
…s/setup-python-3

Bump actions/setup-python from 2 to 3
@mcdonnnj
Merge branch 'develop' into dependabot/github_actions/actions/checkout-3
6869c68
@mcdonnnj
Merge pull request #102 from cisagov/dependabot/github_actions/action…
e190ae7 
…s/checkout-3

Bump actions/checkout from 2 to 3
@dependabot @mcdonnnj
Bump actions/cache from 2 to 3
c576ef5 
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](actions/cache@v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@mcdonnnj
Merge branch 'develop' into improvement/add_dependabot_ignores_for_gi…
496ea93 
…thub_actions
@mcdonnnj
Merge pull request #107 from cisagov/improvement/add_dependabot_ignor…
a9c93d0 
…es_for_github_actions

Add Dependabot ignore directives
mcdonnnj and others added 20 commits June 13, 2022 10:34
@mcdonnnj
Bump docker/setup-qemu-action from 1 to 2
1156d96
@mcdonnnj
Bump actions/download-artifact from 2 to 3
0aa0b2d
@mcdonnnj
Bump actions/upload-artifact from 2 to 3
3fd728d
@mcdonnnj
Merge pull request #102 from cisagov/improvement/update_docker_action…
d7528a1 
…_versions

Update GitHub Action versions for this project
@jsf9k @mcdonnnj
Improve language in a comment
cfb36d1 
Co-authored-by: Nick <[email protected]>
@mcdonnnj
Merge branch 'develop' into bugfix/update-docker-compose-syntax
271a3b0
@mcdonnnj
Merge pull request #105 from cisagov/bugfix/update-docker-compose-syntax
9cea64d 
Update code to use the "docker compose" syntax vice "docker-compose"
@mcdonnnj
Merge github.com:cisagov/skeleton-docker into lineage/skeleton
816be82
@mcdonnnj
Enable Dependabot ignore directives
a041c45 
Enable the new ignore directives for dependencies managed by
cisagov/skeleton-docker.
@mcdonnnj
Update Python dependency from 3.9.6 to 3.9.7
bd5cff4
@mcdonnnj
Update Dockerfile's Python package dependencies
23f6f78
@mcdonnnj
Update Pipenv managed dependencies
e25d5fc
@mcdonnnj
Bump version from 0.0.5-rc.1 to 0.0.5-rc.2
f3feb01
@mcdonnnj
Update Python dependency from 3.9.7 to 3.9.11
e52bbb9
@mcdonnnj
Update Pipenv requirements
17ddf1c
@mcdonnnj
Update Python package versions in the Dockerfile
f527814
@mcdonnnj
Update Python image from 3.9.11 to 3.10.5
0f537ff
@mcdonnnj
Update apt package versions in the Dockerfile
2efe049
@mcdonnnj
Update Python package versions in the Dockerfile
1e5012e
@mcdonnnj
Update and lock the Pipfile
e63a069 
With a properly formatted Pipfile we have no reason to keep a
requirements.txt file so it is removed. The Pipfile has been updated to
better reflect what the Docker image should have installed. The version
of cisagov/hash-http-content is manually updated and all other
dependencies are updated with `pipenv lock`.
@mcdonnnj mcdonnnj force-pushed the maintenance/update_image_dependencies branch from bcd493e to e63a069 Compare June 18, 2022 01:24
@mcdonnnj mcdonnnj mentioned this pull request Jun 21, 2022
Merged
1 task
@mcdonnnj mcdonnnj requested review from jsf9k and dav3r June 21, 2022 05:03
jsf9k
jsf9k reviewed Jun 21, 2022
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have one important question.

src/requirements.txt Show resolved Hide resolved
dav3r
dav3r approved these changes Jun 21, 2022
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ⚡

@mcdonnnj mcdonnnj merged commit 7fd446f into develop Jun 22, 2022
@mcdonnnj mcdonnnj deleted the maintenance/update_image_dependencies branch June 22, 2022 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@mcdonnnj mcdonnnj

Labels
dependencies Pull requests that update a dependency file hacktoberfest-accepted Pull request that should count toward Hacktoberfest participation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mcdonnnj @jsf9k @dav3r