Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #6

Draft
wants to merge 445 commits into
base: develop
Choose a base branch
from

Conversation

cisagovbot
Copy link

Lineage Pull Request: CONFLICT

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/cyhy-commander-docker.git cyhy-commander-docker
    cd cyhy-commander-docker
    git remote add skeleton https://github.com/cisagov/skeleton-docker.git
    git remote set-url --push skeleton no_push
    git switch develop
    git checkout -b lineage/skeleton --track origin/develop
    git pull skeleton HEAD
    git status
  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/dependabot.yml README.md 
    git commit
    git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content
    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Check the "Everything is cool" checkbox below:

    • ✌️ The conflicts in this pull request have been resolved.
  7. Mark this draft pull request "Ready for review".


Note: You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Nov 22, 2022
mcdonnnj and others added 21 commits September 13, 2023 15:47
We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.
Our standard practice for YAML files is to sort keys alphabetically.
This mirrors what was done to the configurations inherited from
cisagov/skeleton-generic.
This updates the remaining declarations to match what was pulled down
from cisagov/skeleton-generic.
Add the `diagnostics` job as a dependency for the other jobs. Reformat
the dependencies for those jobs to match the formatting of the `lint`
job. This aligns with what was pulled down from
cisagov/skeleton-generic.
Ensure that top-level keys except for `steps` are alphabetically sorted.
We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.
This aligns with what was done to the `lint` job of the build.yml
workflow that was inherited from cisagov/skeleton-generic.
We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.
@mcdonnnj correctly pointed out that other projects add their own
configuration files that match, e.g., the /.*.yaml pattern.  We want
to ensure that we only own the linter configuration files from the
skeleton.

Co-authored-by: Nick <[email protected]>
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps python from 3.11.4-alpine to 3.12.0-alpine.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
It's good to agree everywhere with the changes we made to the
build.yml workflow in cisagov/skeleton-generic#144.
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v2...v3)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
We prefer block style to flow style for sequences and mappings in YAML.
We prefer to alphabetize mapping keys in YAML documents whenever
possible.
This should improve compatibility with merge queues. We configure it to
only trigger on the `checks_requested` type which is currently the only
supported type for this trigger. If additional types are added in the
future they should be added if appropriate.
⚠️ CONFLICT! Lineage pull request for: skeleton
mcdonnnj and others added 30 commits December 6, 2024 15:31
We can move this instruction to the end of the Dockerfile now that we
are no longer working with files in the Docker container when building.
Using a virtual environment is a Python best practice. We also
consolidate all of the Python dependency installation steps into a
single RUN instruction. This ensures that Python setup is cached in one
layer and mirrors the logical organization of this being a single step.
…eatable

Pin Python package versions and improve build repeatability
This configuration includes a Pipfile configuration file and the
generated Pipfile.lock file that pins to specific versions for the
Python dependencies for this project. This will help us ensure
repeatable builds. The pipenv package is added as a developmental
requirement to support these files.
Since we cannot use long options on Alpine Linux we should explain what
the short options we are using do. I also changed the order of options
so that they are in alphabetical order.

Co-authored-by: Shane Frasier <[email protected]>
Now that we have a pipenv configuration we will use it to install the
Python dependencies for the image. The `build` workflow is updated to
no longer pass the VERSION build argument in line with this change.
Switch to using a multi-stage build in the Dockerfile. This reduces
image size since pipenv and its dependencices are not needed in the
final image. It also ensures that the system Python environment is
unmodified.
Install the core Python packages (pip, setuptools, and wheel) into the
system Python environment before installing pipenv. This keeps things
consistent with our usual approach to Python environments.
The comment references a command that is no longer being run.

Co-authored-by: Shane Frasier <[email protected]>
Change the tags used in the table to match the version of the project.
Previously "1.2.3" was used as an example version but there is no
reason not to use the real version of the image.
…tion

Install Python dependencies with `pipenv`
Update the Dockerfile and testing to accommodate changes in the new
version.
The version of Python listed in the Pipfile is updated to match the new
Docker image tag.
- pip from 24.0 to 24.3.1
- pipenv from 2023.12.1 to 2024.4.0
- setuptools from 69.1.1 to 75.6.0
- wheel from 0.42.0 to 0.45.1
Update the dependencies installed in the Python virtual environment by
running `pipenv lock` in the `src/` directory.
This resolves the following warning from Docker when building the
image:
FromAsCasing: 'as' and 'FROM' keywords' casing do not match

Co-authored-by: Shane Frasier <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants