Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lineage pull request for: skeleton #219

Merged
merged 53 commits into from
Nov 8, 2024
Merged

Lineage pull request for: skeleton #219

merged 53 commits into from
Nov 8, 2024

Conversation

cisagovbot
Copy link

@cisagovbot cisagovbot commented Sep 25, 2024
edited by jsf9k
Loading

Lineage Pull Request

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

✅ Pre-approval checklist

  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

Michael Saki and others added 30 commits February 14, 2024 12:59
Add checks for semantic python versions
33582a1
Refactor code for the semantic check
9438194 
This commit will make a few changes. The
orginal version of the semantic checking
function was a bit more difficult to read.
It is now somewhat easier to follow how
the regex is structured. Also the function
has been renamed to check_python_version
since it has 2 functions, making sure that
the version is semantically correct and the
second is to make sure that it is installed
on the user's machine. This makes it easier
to follow the logic for the flags, -p or
--python-version and -l or --list-versions
Add checks for semantic python versions
cea8edc
Refactor code for the semantic check
d5c7c4a 
This commit will make a few changes. The
orginal version of the semantic checking
function was a bit more difficult to read.
It is now somewhat easier to follow how
the regex is structured. Also the function
has been renamed to check_python_version
since it has 2 functions, making sure that
the version is semantically correct and the
second is to make sure that it is installed
on the user's machine. This makes it easier
to follow the logic for the flags, -p or
--python-version and -l or --list-versions
Merge branch 'improvement/correct-semantic-python-version-checks' of h…
f7b9d05 
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Remove example of correct semantic version
327ab73
Refactor the error message for the user
4dedf50
Improve the semantic error message
e84deea
@michaelsaki @dav3r
Fix grammar
5fdc7be 
Co-authored-by: dav3r <[email protected]>
Refactor regex, add link, and improve comments
42ef8c2
Update link to use semver.org over regex101.com
a77e5e1
@michaelsaki @dav3r
Remove unnecessary period
5fe14c7 
Co-authored-by: dav3r <[email protected]>
@mcdonnnj
Add a meta hook to the pre-commit configuration
b7896a0 
Add the `check-useless-excludes` meta hook to verify that any defined
`exclude` directives apply to at least one file in the repository.
@mcdonnnj
Remove exclude directive that does not apply to any files
260566f
@jsf9k
Add a lower-bound pin for flake8-docstrings
a68994d
@mcdonnnj
Use the hashicorp/setup-packer GitHub Action
43b91c7 
Instead of manually installing Packer we can instead leverage the
hashicorp/setup-packer Action just as we do for Terraform.
@jsf9k
Remove @jasonodoom as a codeowner
8ada75d 
He is no longer a member of @cisagov/vm-dev.
@jsf9k @mcdonnnj
Pin to a specific version
2930208 
Previously we only provided a lower bound for the version, but pinning to a specific version aligns with what has been done with the prettier hook and how pre-commit hooks are pinned in general.

The flake8-docstrings package is rarely updated, so there is no real downside to pinning to a specific version.

Co-authored-by: Nick <[email protected]>
@dependabot
Bump actions/cache from 3 to 4
46e0553 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump crazy-max/ghaction-github-status from 3 to 4
3167421 
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-github-status/releases)
- [Commits](crazy-max/ghaction-github-status@v3...v4)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-status
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@mcdonnnj
Update pre-commit hook versions
6a58c2c 
This is done automatically with the `pre-commit autoupdate` command.
The pre-commit/mirrors-prettier hook was manually held back because the
latest tags are for alpha releases of the next major version.
@mcdonnnj
Manually update the prettier hook
553efcb 
Use the latest v3 release available from NPM.
@mcdonnnj
Merge pull request #170 from cisagov/dependabot/github_actions/crazy-…
184e749 
…max/ghaction-github-status-4

Bump crazy-max/ghaction-github-status from 3 to 4
@mcdonnnj
Merge pull request #171 from cisagov/dependabot/github_actions/action…
d99c117 
…s/cache-4

Bump actions/cache from 3 to 4
@mcdonnnj
Merge pull request #187 from cisagov/improvement/use_setup_packer_action
2491ca0 
Use an Action to install Packer in our GitHub Actions workflows
@mcdonnnj
Merge pull request #176 from cisagov/improvement/correct-semantic-pyt…
f6c9537 
…hon-version-checks

Add checks for correct semantic version of Python
@mcdonnnj
Merge pull request #188 from cisagov/remove-odoom-as-a-codeowner
10e5f6f 
Remove @jasonodoom as a codeowner
@mcdonnnj
Add a pre-commit hook to run pip-audit
045a998 
The pip-audit tool will audit any supplied pip requirements files for
vulnerable packages.
@mcdonnnj
Merge pull request #178 from cisagov/improvement/add_pre-commit_meta_…
28dc4ce 
…hook

Add the `check-useless-excludes` hook to the pre-commit configuration
@mcdonnnj
Merge pull request #179 from cisagov/improvement/add_pip-audit_pre-co…
5801cec 
…mmit_hook

Add a pre-commit hook to run `pip-audit`
mcdonnnj and others added 9 commits October 29, 2024 16:36
@mcdonnnj
Sort hook ids in each pre-commit hook entry
1d285f2 
Ensure that all hook ids are sorted alphabetically in each hook entry
in our pre-commit configuration.
@mcdonnnj
Merge pull request #189 from cisagov/improvement/manually_run_sync-la…
5da1059 
…bels_workflow

Allow the `sync-labels` workflow to be run manually
@mcdonnnj
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
ff221ba 
…ons-monitor

Add the `GitHubSecurityLab/actions-permissions/monitor` Action
@mcdonnnj
Merge pull request #191 from cisagov/improvement/github_tokenn_polp
971602a 
Explicitly define permissions of `GITHUB_TOKEN` in our GitHub Actions workflows
@mcdonnnj
Merge pull request #192 from cisagov/maintenance/update_pre-commit_hooks
bdf8a25 
Update `pre-commit` hook versions
@mcdonnnj
Merge pull request #193 from cisagov/improvement/add_more_pre-commit_…
6959971 
…hooks

Add additional hooks from `pre-commit/pre-commit-hooks`
@mcdonnnj
Merge pull request #194 from cisagov/improvement/ensure_pre-commit_ho…
f517db7 
…oks_are_sorted

Sort hook ids in each `pre-commit` hook entry
@jsf9k
Merge remote-tracking branch 'skeleton-generic/develop' into lineage/…
ef51f4f 
…skeleton
@jsf9k
Uncomment new Dependabot ignore directive from upstream
93d77a2
@jsf9k jsf9k added the security This issue or pull request addresses a security issue label Oct 30, 2024
mcdonnnj and others added 4 commits November 1, 2024 12:29
@mcdonnnj
Update the commented out dependabot ignore directives
8824475 
Add a directive for hashicorp/setup-packer that was missed when it was
added to the `build` workflow. Add a directive for
cisagov/setup-env-github-action that is not strictly necessary since we
currently just pull from the `develop` branch, but is good to have in
case we were to change that in the future.
@mcdonnnj
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
e6afb68 
Add missing dependabot ignore directives
@mcdonnnj
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
7f3cc80
@mcdonnnj
Enable new dependabot ignore directives
35287ff
@mcdonnnj mcdonnnj added this pull request to the merge queue Nov 8, 2024
Merged via the queue into develop with commit e2722ef Nov 8, 2024
7 checks passed
@mcdonnnj mcdonnnj deleted the lineage/skeleton branch November 8, 2024 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@jsf9k jsf9k

@mcdonnnj mcdonnnj

Labels
github-actions Pull requests that update GitHub Actions code kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release security This issue or pull request addresses a security issue upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@cisagovbot @jsf9k @dav3r @mcdonnnj @dv4harr10 @felddy @michaelsaki