Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ CONFLICT! Lineage pull request for: skeleton #95

Draft
wants to merge 329 commits into
base: develop
Choose a base branch
from
Draft

⚠️ CONFLICT! Lineage pull request for: skeleton #95

wants to merge 329 commits into from

Conversation

cisagovbot
Copy link

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/scanner.git scanner
cd scanner
git remote add skeleton https://github.com/cisagov/skeleton-docker.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/CODEOWNERS .github/workflows/build.yml Dockerfile README.md docker-compose.yml src/version.txt tests/container_test.py 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.

  • Bump major, minor, patch, or pre-release version as
    appropriate
    via the bump_version.sh script if this repository is
    versioned and the changes in this PR warrant a version
    bump    .
  • Finalize version.

✅ Post-merge checklist

Remove any of the following that do not apply.

  • Create a release.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

mcdonnnj and others added 30 commits March 6, 2024 00:23
@mcdonnnj
Merge pull request #156 from cisagov/improvement/better_support_merge…
c0043bd 
…_queues

Improve merge queue support
@mcdonnnj
Merge pull request #158 from cisagov/dependabot/github_actions/action…
e5ffc52 
…s/setup-go-5

Bump actions/setup-go from 4 to 5
@mcdonnnj
Merge pull request #159 from cisagov/dependabot/github_actions/action…
59b2ad1 
…s/setup-python-5

Bump actions/setup-python from 4 to 5
@mcdonnnj
Merge pull request #161 from cisagov/maintenance/update_pre-commit_hooks
57bef4a 
Update `pre-commit` hooks
@mcdonnnj
Merge pull request #162 from cisagov/improvement/set_default_for_run_…
01c9e11 
…steps

Set the default `shell` for all `run` steps in the `build` workflow
@mcdonnnj
Merge pull request #166 from cisagov/improvement/allow_setup-env_to_s…
d1a186d 
…pecify_python

Allow setup-env to specify Python version
@mcdonnnj
Use Python and Go versions provided by cisagov/setup-env-github-action
7169dcf
@mcdonnnj
Merge pull request #157 from cisagov/improvement/get_more_versions_fr…
95a61f5 
…om_action

Use `cisagov/setup-env-github-action` to provide the Python and Go versions to use
@mcdonnnj
Merge pull request #160 from cisagov/improvement/switch_pre-commit_ho…
81735c2 
…ok_for_shfmt

Switch the pre-commit hook used to run `shfmt`
@mcdonnnj
Merge pull request #163 from cisagov/improvement/add_goimports_hook
4f73489 
Add a pre-commit hook to run `goimports`
@mcdonnnj
Merge pull request #164 from cisagov/improvement/install_atx_header_s…
9020b55 
…upport_terraform-docs

Add ATX Header Support for `terraform-docs`
@mcdonnnj
Switch pre-commit hooks for running shellcheck
035cf86 
This hook bundles the binaries for shellcheck with a Python package
which removes the need to ensure the tool is installed for the hook to
function. It also ties the version of shellcheck used to the hook which
will help guarantee consistency.
@mcdonnnj
Merge pull request #168 from cisagov/improvement/switch_pre-commit_ho…
e79569c 
…ok_for_shellcheck

Switch the pre-commit hook used to run `shellcheck`
Add checks for semantic python versions
cea8edc
Refactor code for the semantic check
d5c7c4a 
This commit will make a few changes. The
orginal version of the semantic checking
function was a bit more difficult to read.
It is now somewhat easier to follow how
the regex is structured. Also the function
has been renamed to check_python_version
since it has 2 functions, making sure that
the version is semantically correct and the
second is to make sure that it is installed
on the user's machine. This makes it easier
to follow the logic for the flags, -p or
--python-version and -l or --list-versions
Merge branch 'improvement/correct-semantic-python-version-checks' of h…
f7b9d05 
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Remove example of correct semantic version
327ab73
Refactor the error message for the user
4dedf50
Improve the semantic error message
e84deea
@michaelsaki @dav3r
Fix grammar
5fdc7be 
Co-authored-by: dav3r <[email protected]>
Refactor regex, add link, and improve comments
42ef8c2
Update link to use semver.org over regex101.com
a77e5e1
@michaelsaki @dav3r
Remove unnecessary period
5fe14c7 
Co-authored-by: dav3r <[email protected]>
@mcdonnnj
Add a meta hook to the pre-commit configuration
b7896a0 
Add the `check-useless-excludes` meta hook to verify that any defined
`exclude` directives apply to at least one file in the repository.
@mcdonnnj
Remove exclude directive that does not apply to any files
260566f
@jsf9k @mcdonnnj
Pin ansible-core when running the ansible-lint linter
07e2b60 
New versions of ansible-core (2.16.7 and 2.17.0) have been released
that do not suffer from the bug discussed in ansible/ansible#82702.
This bug broke any symlinked files in vars, tasks, etc. for any
Ansible role installed via ansible-galaxy.

All versions later than ansible-core 2.16.7 and 2.17.0 should function
as expected.

Co-authored-by: Nick <[email protected]>
@jsf9k
Remove unnecessary line
c74e5db 
The line is not only unnecessary, it was commented out to boot!
@jsf9k
Explain why ansible may need to be added as a dependency for ansible-…
2e53e0d 
…lint

On its own ansible-lint does not pull in ansible, only ansible-core.
Therefore, if an Ansible module lives in ansible instead of
ansible-core, the linter will complain that the module is unknown.  In
these cases it is necessary to add the ansible package itself as an
additional dependency, with the same pinning as is done in
requirements-test.txt of cisagov/skeleton-ansible-role.
@mcdonnnj
Update pre-commit hook versions
f51fe62 
This is done automatically with the `pre-commit autoupdate` command.
The pre-commit/mirrors-prettier was manually held back because the
latest tags are for alpha releases of the next major version.
@mcdonnnj
Manually update the prettier hook
8e55b8e 
Use the latest v3 release available from NPM.
jsf9k and others added 18 commits March 27, 2025 19:29
@jsf9k
Merge pull request #203 from cisagov/feature/add-dependency-review-ac…
3e6e3bc 
…tion-to-lint-job

Add a workflow to run `actions/dependency-review-action`
@jsf9k
Merge pull request #204 from cisagov/feature/version-all-the-things
4b2bc42 
Add version file and `bump-version` script
@jsf9k
Merge pull request #205 from cisagov/maintenance/update_pre-commit_hooks
ca757aa 
Update `pre-commit` hook versions
@jsf9k @mcdonnnj
Do not disable GitHub permissions monitoring by default
028f652 
But do leave a commented-out line that can be uncommented to do so.
The idea is that we should only comment out this functionality where
we really must.

Co-authored-by: Nick M <[email protected]>
@mcdonnnj
Merge pull request #206 from cisagov/improvement/do-not-disable-perms…
d289ef3 
…-monitoring-by-default

Do not disable GitHub permissions monitoring by default
@mcdonnnj
Merge github.com:cisagov/skeleton-generic into lineage/skeleton
82849b2
@mcdonnnj
Enable new dependabot ignore directives
3497eb9
@mcdonnnj
Removed duplicate dependabot ignore directive
868f2c0 
Now that CodeQL is used in the upstream cisagov/skeleton-generic
project we should allow management of the github/codeql-action action
to be handled upstream.
@mcdonnnj
Update to comply with the new yamllint rules
9c9f8e1
@mcdonnnj
Use cisagov/action-job-preamble in all jobs
54c682c 
This action replaces the individual use of
GitHubSecurityLab/actions-permissions/monitor and
step-security/harden-runner just as was done for the diagnostics and
lint jobs.
@mcdonnnj
Do not monitor action permissions in the build-push-all job
b71d299 
The GitHubSecurityLabs/actions-permissions/monitor action keeps causing
build failures in this job due to network connectivity issues when
trying to download dependencies. Thus we must disable it to allow the
build to succeed.
@mcdonnnj
Merge pull request #221 from cisagov/lineage/skeleton
2838726 
⚠️ CONFLICT! Lineage pull request for: skeleton
@mcdonnnj
Move the Docker Hub description update to its own job
9539369
@mcdonnnj
Let docker/build-push-action handle caching
830e704 
Since the only thing being cached in the `build` and `build-push-all`
jobs is Docker info it makes sense to let the action handle caching
since it supports caching directly with the Actions cache.
@mcdonnnj @dav3r
Explain why we use a specific setting for an action
ab19c81 
We set the cache mode to `max` for the docker/build-push-action action
so we should explain why we are overriding the default of `min`.

Co-authored-by: dav3r <[email protected]>
@mcdonnnj
Merge pull request #220 from cisagov/improvement/break_out_update_doc…
4f1c063 
…kerhub_readme

Move the Docker Hub description update to its own job
@mcdonnnj
Merge pull request #222 from cisagov/improvement/use_gha_cache_direct…
0738f43 
…ly_for_image_building

Let `docker/build-push-action` handle caching
Merge https://github.com/cisagov/skeleton-docker into lineage/skeleton
ce800c0 
# Conflicts:
#	.github/dependabot.yml
#	.github/lineage.yml
#	.github/workflows/build.yml
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

jsf9k and others added 11 commits April 8, 2025 11:39
@jsf9k
Disable GH permissions monitoring everywhere
65f9c30 
This
functionality (https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor)
is poorly implemented and has been causing problems due to the MITM
implementation hogging or leaking memory.

This functionality should be re-enabled when practical.  See
cisagov/skeleton-generic#207 for more details.
@jsf9k @dv4harr10
Fix typo that was copied and pasted all over the show
2cfc534 
Co-authored-by: David Harris <[email protected]>
@jsf9k
Merge pull request #208 from cisagov/improvement/disable-permissions-…
ed8fadd 
…monitoring

Disable GitHub permissions monitoring everywhere
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
c8c4287
@jsf9k
Disable GH permissions monitoring in build.yml workflow
9b6cbab 
This functionality is poorly implemented and has been causing problems
due to the MITM implementation hogging or leaking memory.
@jsf9k
Make use of cisagov/action-job-preamble
ecb9128 
Also disable GH permissions monitoring, since this functionality is
poorly implemented and has been causing problems due to the MITM
implementation hogging or leaking memory.
@jsf9k
Fix typo
e0bf157
@jsf9k
Merge pull request #209 from cisagov/improvement/fix-typo
9264d9a 
Fix typo
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
229731e
@mcdonnnj
Merge pull request #223 from cisagov/lineage/skeleton
3a201d4 
Lineage pull request for: skeleton
Merge https://github.com/cisagov/skeleton-docker into lineage/skeleton
ec696e2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dav3r dav3r Awaiting requested review from dav3r dav3r will be requested when the pull request is marked ready for review dav3r is a code owner

@felddy felddy Awaiting requested review from felddy felddy will be requested when the pull request is marked ready for review felddy is a code owner

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k will be requested when the pull request is marked ready for review jsf9k is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj will be requested when the pull request is marked ready for review mcdonnnj is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@jsf9k jsf9k

@dav3r dav3r

@mcdonnnj mcdonnnj

Labels
upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cisagovbot @jsf9k @dav3r @mcdonnnj @michaelsaki