Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lineage pull request for: skeleton #206

Open
wants to merge 59 commits into
base: develop
Choose a base branch
from
Open

Lineage pull request for: skeleton #206

wants to merge 59 commits into from

Conversation

cisagovbot
Copy link

@cisagovbot cisagovbot commented Sep 25, 2024
edited by jsf9k
Loading

Lineage Pull Request

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

✅ Pre-approval checklist

  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

Michael Saki and others added 30 commits February 14, 2024 12:59
Add checks for semantic python versions
33582a1
Refactor code for the semantic check
9438194 
This commit will make a few changes. The
orginal version of the semantic checking
function was a bit more difficult to read.
It is now somewhat easier to follow how
the regex is structured. Also the function
has been renamed to check_python_version
since it has 2 functions, making sure that
the version is semantically correct and the
second is to make sure that it is installed
on the user's machine. This makes it easier
to follow the logic for the flags, -p or
--python-version and -l or --list-versions
Add checks for semantic python versions
cea8edc
Refactor code for the semantic check
d5c7c4a 
This commit will make a few changes. The
orginal version of the semantic checking
function was a bit more difficult to read.
It is now somewhat easier to follow how
the regex is structured. Also the function
has been renamed to check_python_version
since it has 2 functions, making sure that
the version is semantically correct and the
second is to make sure that it is installed
on the user's machine. This makes it easier
to follow the logic for the flags, -p or
--python-version and -l or --list-versions
Merge branch 'improvement/correct-semantic-python-version-checks' of h…
f7b9d05 
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Remove example of correct semantic version
327ab73
Refactor the error message for the user
4dedf50
Improve the semantic error message
e84deea
@michaelsaki @dav3r
Fix grammar
5fdc7be 
Co-authored-by: dav3r <[email protected]>
Refactor regex, add link, and improve comments
42ef8c2
Update link to use semver.org over regex101.com
a77e5e1
@michaelsaki @dav3r
Remove unnecessary period
5fe14c7 
Co-authored-by: dav3r <[email protected]>
@mcdonnnj
Add a meta hook to the pre-commit configuration
b7896a0 
Add the `check-useless-excludes` meta hook to verify that any defined
`exclude` directives apply to at least one file in the repository.
@mcdonnnj
Remove exclude directive that does not apply to any files
260566f
@jsf9k
Add a lower-bound pin for flake8-docstrings
a68994d
@mcdonnnj
Use the hashicorp/setup-packer GitHub Action
43b91c7 
Instead of manually installing Packer we can instead leverage the
hashicorp/setup-packer Action just as we do for Terraform.
@jsf9k
Remove @jasonodoom as a codeowner
8ada75d 
He is no longer a member of @cisagov/vm-dev.
@jsf9k @mcdonnnj
Pin to a specific version
2930208 
Previously we only provided a lower bound for the version, but pinning to a specific version aligns with what has been done with the prettier hook and how pre-commit hooks are pinned in general.

The flake8-docstrings package is rarely updated, so there is no real downside to pinning to a specific version.

Co-authored-by: Nick <[email protected]>
@dependabot
Bump actions/cache from 3 to 4
46e0553 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump crazy-max/ghaction-github-status from 3 to 4
3167421 
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-github-status/releases)
- [Commits](crazy-max/ghaction-github-status@v3...v4)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-status
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@mcdonnnj
Update pre-commit hook versions
6a58c2c 
This is done automatically with the `pre-commit autoupdate` command.
The pre-commit/mirrors-prettier hook was manually held back because the
latest tags are for alpha releases of the next major version.
@mcdonnnj
Manually update the prettier hook
553efcb 
Use the latest v3 release available from NPM.
@mcdonnnj
Merge pull request #170 from cisagov/dependabot/github_actions/crazy-…
184e749 
…max/ghaction-github-status-4

Bump crazy-max/ghaction-github-status from 3 to 4
@mcdonnnj
Merge pull request #171 from cisagov/dependabot/github_actions/action…
d99c117 
…s/cache-4

Bump actions/cache from 3 to 4
@mcdonnnj
Merge pull request #187 from cisagov/improvement/use_setup_packer_action
2491ca0 
Use an Action to install Packer in our GitHub Actions workflows
@mcdonnnj
Merge pull request #176 from cisagov/improvement/correct-semantic-pyt…
f6c9537 
…hon-version-checks

Add checks for correct semantic version of Python
@mcdonnnj
Merge pull request #188 from cisagov/remove-odoom-as-a-codeowner
10e5f6f 
Remove @jasonodoom as a codeowner
@mcdonnnj
Add a pre-commit hook to run pip-audit
045a998 
The pip-audit tool will audit any supplied pip requirements files for
vulnerable packages.
@mcdonnnj
Merge pull request #178 from cisagov/improvement/add_pre-commit_meta_…
28dc4ce 
…hook

Add the `check-useless-excludes` hook to the pre-commit configuration
@mcdonnnj
Merge pull request #179 from cisagov/improvement/add_pip-audit_pre-co…
5801cec 
…mmit_hook

Add a pre-commit hook to run `pip-audit`
@jsf9k jsf9k added the security This issue or pull request addresses a security issue label Oct 30, 2024
dav3r
dav3r approved these changes Oct 30, 2024
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jsf9k jsf9k requested review from dav3r and dv4harr10 October 30, 2024 20:33
mcdonnnj
mcdonnnj reviewed Oct 30, 2024
View reviewed changes
.github/workflows/build.yml Outdated Show resolved Hide resolved
.github/workflows/codeql-analysis.yml Outdated Show resolved Hide resolved
jsf9k and others added 2 commits October 30, 2024 20:53
@jsf9k @mcdonnnj
Update version of crazy-max/ghaction-github-status
5ffaf0e 
This must have been missed in a previous Lineage PR.

Co-authored-by: Nick <[email protected]>
@jsf9k @mcdonnnj
Update permissions for test job
9326e51 
The job checks out the code, so it needs repo read permissions.

Co-authored-by: Nick <[email protected]>
jsf9k and others added 5 commits October 31, 2024 14:28
@jsf9k
Remove repeated comment
1a08f06
@mcdonnnj
Update the commented out dependabot ignore directives
8824475 
Add a directive for hashicorp/setup-packer that was missed when it was
added to the `build` workflow. Add a directive for
cisagov/setup-env-github-action that is not strictly necessary since we
currently just pull from the `develop` branch, but is good to have in
case we were to change that in the future.
@mcdonnnj
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
e6afb68 
Add missing dependabot ignore directives
@mcdonnnj
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
a085627
@mcdonnnj
Enable new dependabot ignore directives
c560e23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@dv4harr10 dv4harr10 dv4harr10 approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

Assignees

@jsf9k jsf9k

@mcdonnnj mcdonnnj

Labels
github-actions Pull requests that update GitHub Actions code kraken 🐙 This pull request is ready to merge during the next Lineage Kraken release security This issue or pull request addresses a security issue upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@cisagovbot @jsf9k @dav3r @mcdonnnj @dv4harr10 @felddy @michaelsaki