Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ CONFLICT! Lineage pull request for: skeleton #104

Draft
wants to merge 224 commits into
base: develop
Choose a base branch
from

Conversation

cisagovbot
Copy link

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/pshtt_reporter.git pshtt_reporter
    cd pshtt_reporter
    git remote add skeleton https://github.com/cisagov/skeleton-docker.git
    git remote set-url --push skeleton no_push
    git switch develop
    git switch --create lineage/skeleton --track origin/develop
    git pull skeleton HEAD
    git status
  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/CODEOWNERS .github/workflows/build.yml Dockerfile README.md docker-compose.yml requirements-dev.txt src/version.txt tests/container_test.py 
    git commit
    git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content
    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.

  • Bump major, minor, patch, or pre-release version as
    appropriate

    via the bump_version.sh script if this repository is
    versioned and the changes in this PR warrant a version
    bump
    .
  • Finalize version.

✅ Post-merge checklist

Remove any of the following that do not apply.

  • Create a release.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot bot and others added 30 commits September 13, 2023 02:01
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-github-status/releases)
- [Commits](crazy-max/ghaction-github-status@v3...v4)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-status
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Also add a runner hardening task to the labeler job.
@mcdonnnj correctly pointed out that other projects add their own
configuration files that match, e.g., the /.*.yaml pattern.  We want
to ensure that we only own the linter configuration files from the
skeleton.

Co-authored-by: Nick <[email protected]>
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v2...v3)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
We prefer block style to flow style for sequences and mappings in YAML.
We prefer to alphabetize mapping keys in YAML documents whenever
possible.
This should improve compatibility with merge queues. We configure it to
only trigger on the `checks_requested` type which is currently the only
supported type for this trigger. If additional types are added in the
future they should be added if appropriate.
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
This hook bundles the binaries for shfmt with a Python package which
removes the need to manually install the tool for the hook to function.
The new pre-commit hook provides `shfmt` binaries so we no longer need
to ensure it is installed.
Since shfmt now supports long command line options we should use them
as that is our preference. The single quotes for the number of spaces
to indent is changed to double quotes to align with our usual quotation
style.
These options are baked into the functionality of the old hook but must
be explicitly declared for the new hook.
This sets the default shell for any run steps in the build workflow to
mirror our standard shellscript writing practices. In addition to
enabling our standard options it will also enable errtrace and print
any commands that are run which should make debugging/troubleshooting
more straightforward.
This will run the Go tool `goimports` against the repository if it
contains any Go files. This tool bundles the functionality of `go fmt`
with the additional benefit of sorting Go imports much like the isort
tool we use for Python code.
This is a temporary fix until @mcdonnnj has
his PR approved and merged into the terraform-docs
repo. This fix will perform a shallow clone of his
forked branch, build the binary, and install it.
PATH is handled by `setup-go` so we can refactor the code setting it. Also we are taking advantage of the -C switch to handle building from the cloned repository.

Co-authored-by: Nick <[email protected]>
`TODO` was placed on the wrong comment block. Also I am adding a link to the issue for the TODO.
This commit is introducing 2 new flags
into the setup-env script. -l or
--list-versions will list available
Python versions and allow the user to
select a version interactively. The second
flag -v or --version will allow a user
to set the version if installed.
(e.g. ./setup-env -v 3.9.6)
This makes the code a bit cleaner and still accomplishes the same functionality

Co-authored-by: Shane Frasier <[email protected]>
mcdonnnj and others added 26 commits December 6, 2024 15:31
Since we cannot use long options on Alpine Linux we should explain what
the short options we are using do. I also changed the order of options
so that they are in alphabetical order.

Co-authored-by: Shane Frasier <[email protected]>
Now that we have a pipenv configuration we will use it to install the
Python dependencies for the image. The `build` workflow is updated to
no longer pass the VERSION build argument in line with this change.
Switch to using a multi-stage build in the Dockerfile. This reduces
image size since pipenv and its dependencices are not needed in the
final image. It also ensures that the system Python environment is
unmodified.
Install the core Python packages (pip, setuptools, and wheel) into the
system Python environment before installing pipenv. This keeps things
consistent with our usual approach to Python environments.
The comment references a command that is no longer being run.

Co-authored-by: Shane Frasier <[email protected]>
Change the tags used in the table to match the version of the project.
Previously "1.2.3" was used as an example version but there is no
reason not to use the real version of the image.
…tion

Install Python dependencies with `pipenv`
Update the Dockerfile and testing to accommodate changes in the new
version.
The version of Python listed in the Pipfile is updated to match the new
Docker image tag.
- pip from 24.0 to 24.3.1
- pipenv from 2023.12.1 to 2024.4.0
- setuptools from 69.1.1 to 75.6.0
- wheel from 0.42.0 to 0.45.1
Update the dependencies installed in the Python virtual environment by
running `pipenv lock` in the `src/` directory.
This resolves the following warning from Docker when building the
image:
FromAsCasing: 'as' and 'FROM' keywords' casing do not match

Co-authored-by: Shane Frasier <[email protected]>
# Conflicts:
#	.github/CODEOWNERS
#	.github/workflows/build.yml
#	Dockerfile
#	README.md
#	docker-compose.yml
#	requirements-dev.txt
#	src/version.txt
#	tests/container_test.py
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
upstream update This issue or pull request pulls in upstream updates
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants