Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton#168

Merged
mcdonnnj merged 240 commits intodevelopfrom
lineage/skeleton
Jan 15, 2025
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton#168
mcdonnnj merged 240 commits intodevelopfrom
lineage/skeleton

Conversation

@cisagovbot
Copy link

@cisagovbot cisagovbot commented Dec 6, 2024
edited by mcdonnnj
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/code-gov-update.git code-gov-update cd code-gov-update git remote add skeleton https://github.com/cisagov/skeleton-docker.git git remote set-url --push skeleton no_push git switch develop git switch --create lineage/skeleton --track origin/develop git pull skeleton HEAD git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/CODEOWNERS .github/workflows/build.yml Dockerfile README.md docker-compose.yml requirements-dev.txt src/Pipfile src/Pipfile.lock src/version.txt tests/conftest.py tests/container_test.py  git commit git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.

✅ Post-merge checklist

Remove any of the following that do not apply.

  • Create a pre-release.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage
dependabot bot and others added 30 commits September 13, 2023 02:01
@dependabot
Bump crazy-max/ghaction-github-status from 3 to 4
b5e5c11 
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4. - [Release notes](https://github.com/crazy-max/ghaction-github-status/releases) - [Commits](crazy-max/ghaction-github-status@v3...v4) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-status dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@jsf9k
Add a diagnostics job for the label syncing workflow
371179e 
Also add a runner hardening task to the labeler job.
@jsf9k @mcdonnnj
Make the dev team the owners of the linter configuration files
1f611fc 
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k @mcdonnnj
Make dev team members the codeowners of the requirements*.txt and set…
c356768 
…up-env files Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k @mcdonnnj
Explicitly list the linter config files the dev team should own
0195005 
@mcdonnnj correctly pointed out that other projects add their own configuration files that match, e.g., the /.*.yaml pattern. We want to ensure that we only own the linter configuration files from the skeleton. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@dependabot
Bump hashicorp/setup-terraform from 2 to 3
b768a28 
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@v2...v3) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Prefer block style to flow style
9f31700 
We prefer block style to flow style for sequences and mappings in YAML.
@mcdonnnj
Alphabetize entries in the build workflow
696433a 
We prefer to alphabetize mapping keys in YAML documents whenever possible.
@mcdonnnj
Add a merge_group trigger to the build workflow
6503a9e 
This should improve compatibility with merge queues. We configure it to only trigger on the `checks_requested` type which is currently the only supported type for this trigger. If additional types are added in the future they should be added if appropriate.
@dependabot
Bump actions/setup-go from 4 to 5
193e799 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/setup-python from 4 to 5
5c84295 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump github/codeql-action from 2 to 3
aad1972 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Switch pre-commit hooks for running shfmt
4a63dbe 
This hook bundles the binaries for shfmt with a Python package which removes the need to manually install the tool for the hook to function.
@mcdonnnj
Remove installation of shfmt in the build workflow
3236b1b 
The new pre-commit hook provides `shfmt` binaries so we no longer need to ensure it is installed.
@mcdonnnj
Use long options for shfmt arguments
5ddb14d 
Since shfmt now supports long command line options we should use them as that is our preference. The single quotes for the number of spaces to indent is changed to double quotes to align with our usual quotation style.
@mcdonnnj
Add additional shfmt options
8ecd957 
These options are baked into the functionality of the old hook but must be explicitly declared for the new hook.
@mcdonnnj
Set the default shell for all run steps in the build workflow
242921b 
This sets the default shell for any run steps in the build workflow to mirror our standard shellscript writing practices. In addition to enabling our standard options it will also enable errtrace and print any commands that are run which should make debugging/troubleshooting more straightforward.
@mcdonnnj
Add linting with goimports to the pre-commit configuration
c7b18dc 
This will run the Go tool `goimports` against the repository if it contains any Go files. This tool bundles the functionality of `go fmt` with the additional benefit of sorting Go imports much like the isort tool we use for Python code.
Add ATX Header Support for terraform-docs
f6d9d6e 
This is a temporary fix until @mcdonnnj has his PR approved and merged into the terraform-docs repo. This fix will perform a shallow clone of his forked branch, build the binary, and install it.
@michaelsaki @mcdonnnj
Add prepended names to variables to describe their function
544e478 
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@michaelsaki @jsf9k
Remove unnecessary capitalizations and fix grammar
f5fa0ff 
Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
@michaelsaki @mcdonnnj
Simplify steps in the build/install portion of workflow
36361dd 
 PATH is handled by `setup-go` so we can refactor the code setting it. Also we are taking advantage of the -C switch to handle building from the cloned repository. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@michaelsaki
Add TODO label
3711ebe
@michaelsaki
Move TODO and add link to the issue
d114fb4 
`TODO` was placed on the wrong comment block. Also I am adding a link to the issue for the TODO.
@michaelsaki @dav3r
Alphabetize switches
c907cfc 
Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
Allow setup-env to specify Python version
48db3e3 
This commit is introducing 2 new flags into the setup-env script. -l or --list-versions will list available Python versions and allow the user to select a version interactively. The second flag -v or --version will allow a user to set the version if installed. (e.g. ./setup-env -v 3.9.6)
@michaelsaki @jsf9k
Add /dev/null and remove TMPFILE
c10929a 
 This makes the code a bit cleaner and still accomplishes the same functionality Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
Place flags in the correct order for -r and -p
adada40
Remove unneccessary spacing
1861b9b
@michaelsaki @jsf9k
Alphabetize flags and descriptions
3f623e4 
Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
@mcdonnnj
Update the version of Python used in the Docker image
1cf7264 
Python 3.12.7 is no longer available for Alpine Linux 3.20. We update the system package version installed in `compile-stage` and the `python` image tag used in `build-stage` to the version of Python currently available for Alpine Linux 3.20.
@mcdonnnj
Update the pipenv configuration
baf1bf8 
Update the Pipfile to require the version of Python currently used in the Docker configuration. This includes re-locking the Pipfile with `pipenv lock` in the `src/` directory.
@mcdonnnj
Use a venv for Python dependency tooling
4aeceb9 
The version of Python installed as a system package is marked as externally managed per PEP 668 and the pipenv Python package is not available as a system package. Therefore we need to create a venv for the Python packages we use for setup (pip, setuptools, wheel, and pipenv).
@mcdonnnj
Use the system package version of the cryptography Python package
b4eacaa 
I am having timeout issues when building a wheel for the `cryptography` package on platforms that do not have a wheel available from PyPI. Switching to a system package version is the sanest (to me) workaround. The system packages that are installed to build the package on these platforms are removed as part of this change.
@mcdonnnj
Bump Alpine Linux from 3.20 to 3.21
1f20b2c 
The version of the `py3-cryptography` package available in Alpine Linux 3.20 is vulnerable to PVE-2024-73711 and CVE-2024-4603. As a result `pipenv` is unable to install the package dependencies for the project. Moving to Alpine Linux 3.21 allows us to use a newer version of the `py3-cryptography` package that is not vulnerable.
@mcdonnnj
Update the Pipfile configuration
678ef20 
Update the version of the `cryptography` package required to match the version available from Alpine Linux 3.21.
@mcdonnnj mcdonnnj added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use version bump This issue or pull request increments the version number dependencies Pull requests that update a dependency file docker Pull requests that update Docker code github-actions Pull requests that update GitHub Actions code test This issue or pull request adds or otherwise modifies test code labels Jan 14, 2025
@mcdonnnj mcdonnnj marked this pull request as ready for review January 14, 2025 18:28
@mcdonnnj mcdonnnj requested a review from a team January 14, 2025 18:46
dav3r
dav3r approved these changes Jan 14, 2025
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This all looks great to me! 💪 💼

I only noted one minor thang.
@mcdonnnj mcdonnnj merged commit e0869c1 into develop Jan 15, 2025
@mcdonnnj mcdonnnj deleted the lineage/skeleton branch January 15, 2025 16:49
This was referenced Jan 15, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code github-actions Pull requests that update GitHub Actions code improvement This issue or pull request will add or improve functionality, maintainability, or ease of use test This issue or pull request adds or otherwise modifies test code upstream update This issue or pull request pulls in upstream updates version bump This issue or pull request increments the version number

6 participants

@cisagovbot @jsf9k @dav3r @mcdonnnj @dv4harr10 @michaelsaki