⚠️ CONFLICT! Lineage pull request for: skeleton #59
Draft: cisagovbot wants to merge 369 commits into `develop` from `lineage/skeleton`
Use the latest v3 release available from NPM.
…max/ghaction-github-status-4 Bump crazy-max/ghaction-github-status from 3 to 4
…s/cache-4 Bump actions/cache from 3 to 4
Use an Action to install Packer in our GitHub Actions workflows
…hon-version-checks Add checks for correct semantic version of Python
Remove @jasonodoom as a codeowner
The pip-audit tool will audit any supplied pip requirements files for vulnerable packages.
…hook Add the `check-useless-excludes` hook to the pre-commit configuration
…mmit_hook Add a pre-commit hook to run `pip-audit`
Add a lower-bound pin for the `flake8-docstrings` `pip` package
Update `pre-commit` hooks
This replaces the now archived pre-commit/mirrors-prettier hook.
Switch the `pre-commit` hook used to run `prettier`
Copy over necessary changes from the `bump_version.sh` script.
This functionality has been replaced by the `bump-version` script.
Add a `workflow_dispatch` trigger so we can manually run the workflow if needed.
This Action will provide information about the usage of GITHUB_TOKEN in the workflow. It should be added to _every_ job in _any_ workflow to provide information for analysis.
This changes the default permissions for the GITHUB_TOKEN used in our GitHub Actions configuration to the minimum required to successfully run.
This is done automatically with the `pre-commit autoupdate` command.
Ensure that all hook ids are sorted alphabetically in each hook entry in our pre-commit configuration.
…bels_workflow Allow the `sync-labels` workflow to be run manually
…ons-monitor Add the `GitHubSecurityLab/actions-permissions/monitor` Action
Explicitly define permissions of `GITHUB_TOKEN` in our GitHub Actions workflows
Update `pre-commit` hook versions
…hooks Add additional hooks from `pre-commit/pre-commit-hooks`
…oks_are_sorted Sort hook ids in each `pre-commit` hook entry
Add a directive for hashicorp/setup-packer that was missed when it was added to the `build` workflow. Add a directive for cisagov/setup-env-github-action that is not strictly necessary since we currently just pull from the `develop` branch, but is good to have in case we were to change that in the future.
This reusable workflow will provide the image name and supported image platforms as outputs. This will allow us to access this information in any other workflow while storing this information in a centralized location.
Now that we have a reusable workflow for repository metadata we should use it where appropriate.
Also fix the order of the keys for the `output-repo-metadata` job.
…in_one_place Store repository metadata in a reusable workflow
Lineage pull request for: skeleton
Move the job that updates the description for the image on Docker Hub into its own workflow. This will ensure it only runs if the README is updated on the `develop` branch without any special logic.
…cription_as_separate_workflow Move GitHub Actions job into its own workflow
Since a Docker image is available for this platform there is no reason not to support it in our builds.
…x-386_platform Add support for the `linux/386` platform
# Conflicts: # .github/dependabot.yml # .github/workflows/build.yml # README.md # src/version.txt
Lineage pull request for: skeleton
Since a Docker image is available for this platform there is no reason not to support it in our builds.
There is an issue where an image build taking longer than 10 minutes runs afoul of the GitHub Container Registry token duration. We are breaking this step up into a build step that does not push and then a push step that pushes the built images that are locally cached to hopefully work around this problem.
Move the comment about annotations used for Docker image labels to be before the `labels` argument for the docker/build-push-action action. This was erroneously moved to the incorrect location when alphabetizing arguments in #196.
Add support for the `linux/riscv64` platform
Build and push Docker images as separate steps
We no longer use Snyk so it makes sense to remove this legacy link.
This URL did not match the image name on DockerHub.
Update the README
Add a new workflow job to scan the Docker image with the Trivy vulnerability scanner.
# Conflicts: # README.md # src/version.txt
Capitalize Docker in comments, step names, etc. in the `build` workflow since it is a proper noun in that context.
In places that are not documenting command line usage we capitalize Docker Compose since it is a proper noun.
Scan the Docker image for vulnerabilities at build time
Correct the case for mentions of Docker
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: `HEAD`
Check the changes in this pull request to ensure they won't cause issues with
your project.
The `lineage/skeleton` branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the `status` command. Fix any conflicts and possibly incorrect auto-merges.
After resolving each of the conflicts, `add` your changes to the branch, `commit`, and `push` your changes:
Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate via the `bump_version.sh` script if this repository is versioned and the changes in this PR warrant a version bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in `.github/lineage.yml`
📚 Read more about Lineage