Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 75 commits into from
Apr 24, 2025
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton #16

merged 75 commits into from
Apr 24, 2025

Conversation

@cisagovbot
Copy link

@cisagovbot cisagovbot commented Apr 21, 2025
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-ansible-role.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/ansible-role-systemd-resolved.git ansible-role-systemd-resolved
cd ansible-role-systemd-resolved
git remote add skeleton https://github.com/cisagov/skeleton-ansible-role.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/dependabot.yml .github/lineage.yml molecule/default/molecule.yml 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Bump major, minor, patch, or pre-release version as appropriate via the bump_version.sh script if this repository is versioned and the changes in this PR warrant a version bump.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

jsf9k and others added 30 commits November 20, 2024 14:40
@jsf9k
Fix spelling error in comment
162e2c2
@mcdonnnj
Adjust the indentation rule for yamllint
5a3ac91 
Use a specific number of spaces instead of the default of only caring
if the number of spaces used is consistent within a file. Ensure that
block sequences inside of mappings are indented.
@mcdonnnj
Update yamllint to disallow non-empty flow collection styles
ac080ed 
The use of flow sequences and mappings is not as readable as block
collections and so should be discouraged. Since it is a cleaner
representation for empty collections we will allow those, but if an
application otherwise requires flow collections they can be explicitly
enabled by disabling the checks per
https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
@mcdonnnj
Add yamllint configuration settings to appease ansible-lint
66cdbf5 
When running ansible-lint it will throw the following warning with our
current configuration:
WARNING  Found incompatible custom yamllint configuration (.yamllint), please either remove the file or edit it to comply with:
  - comments.min-spaces-from-content must be 1
  - braces.max-spaces-inside must be 1
  - octal-values.forbid-implicit-octal must be true
  - octal-values.forbid-explicit-octal must be true.
Thus we implement these configuration rules.
@mcdonnnj
Re-enable the yamllint truthy rule
dd102fe 
Previously we disabled the `truthy` rule due to Ansible's use of
`yes`/`no` for boolean values. That is no longer the case and the
default configuration used by ansible-lint now has this rule enabled.
The use of `on` as a key in GitHub Actions workflow syntax means we
needed to add disable-line comments for the truthy rule.
@mcdonnnj
Configure quoted strings rule for yamllint
dc891af 
Add a configuration for the `quoted-strings` rule that matches our best
practices. Other files are updated to comply with these new settings.
@jsf9k
Add version file and bump_version script
03933fe 
Also add semver as a dev requirement.

I'd like to start versioning descendants of skeleton-ansible-role (in
anticipation of pinning Ansible role versions at a future date), and I
thought it would make sense to go ahead and implement this at the
skeleton-generic level to force us to start versioning all
repositories.

Repositories that already version can ignore these changes when they
flow down via Lineage, since they will already have their own version
files and version-bumping script.
@jsf9k
Bump version from 0.0.1 to 0.0.1-rc.1
3401551
@mcdonnnj
Update pre-commit hook versions
5b5a526 
This is done automatically with the `pre-commit autoupdate` command.
@jsf9k
Merge pull request #198 from cisagov/improvement/fix-spelling-error-i…
e0f5911 
…n-comment

Fix spelling error in comment
@jsf9k
Merge pull request #200 from cisagov/improvement/update_yamllint_rules
b35dec3 
Update our yamllint configuration file
@jsf9k
Apply our standard job preamble via cisagov/action-job-preamble
da028ea 
This new action simply applies our standard permissions monitoring and
runner hardening.  Using it allows us to DRY out the GH Actions
workflows in our skeleton repositories a bit.
@jsf9k
Set actions_permissions_config input
0e93632
@jsf9k
Add a friendly name to the cisagov/action-job-preamble steps
8b2ac55
@jsf9k @mcdonnnj
Add a Dependabot ignore directive for cisagov/action-job-preamble
864b5af 
Co-authored-by: Nick M <[email protected]>
@jsf9k
Update input name for cisagov/action-job-preamble
8cdce2a
@jsf9k @mcdonnnj
Remove two Dependabot ignore directives
17b93ec 
GitHubSecurityLab/actions-permissions and step-security/harden-runner
are no longer direct dependencies since we are now using
cisagov/action-job-preamble.

Co-authored-by: Nick M <[email protected]>
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble in sync-labels.yml workflow
6a9e331 
Co-authored-by: Nick M <[email protected]>
@jsf9k
Use v1 tag of cisagov/action-job-preamble
b5b3b9d
@jsf9k @mcdonnnj
Re-add comment explaining where the org var comes from
3ec1b1f 
Flesh out the comment a little so its meaning is clearer.

Co-authored-by: Nick M <[email protected]>
@jsf9k @mcdonnnj
Flesh out org var comment even more
764df0c 
Make sure to mention that the permissions monitoring config can be
changed by creating a repo-level variable; there is no need to modify
the workflow.

Co-authored-by: Nick M <[email protected]>
@jsf9k
Subsume GH status checks and context dumping into cisagov/action-job-…
c271b40 
…preamble

This action supports this functionality now, so we may as well take
advantage of it.

Also disable GH permissions monitoring, since that functionality is
poorly implemented and has been causing a lot of problems due to the
MITM implementation hogging or leaking memory.
@jsf9k
Merge pull request #201 from cisagov/improvement/use-job-preamble-action
f35dcbc 
Apply our standard job preamble via cisagov/action-job-preamble
@jsf9k
Add a CodeQL workflow to this repository
c4b192b 
CodeQL now supports GitHub Actions as a language, so it makes sense to
add such a workflow to this repository.

See this link for more details:
https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview/
@jsf9k @mcdonnnj
Update comment to match what is in cisagov/skeleton-docker
0032cc2 
Also correctly sort YAML keys.

Co-authored-by: Nick <[email protected]>
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble
0534337 
This aligns with the changes in cisagov/skeleton-generic#201.

Co-authored-by: Nick M <[email protected]>
@jsf9k
Add the CodeQL action to the Dependabot configuration
adea10c 
Children of this skeleton repository will require this Dependabot
ignore directive.
@jsf9k
Use cisagov/action-job-preamble instead of separate actions
5dfe5df 
Use cisagov/action-job-preamble instead of
crazy-max/ghaction-github-status and crazy-max/ghaction-dump-context
directly.
@jsf9k
Add a workflow to run actions/dependency-review-action
d740ee8 
This action reviews dependency changes for vulnerabilities and license
changes.
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble
a446dde 
This aligns with the changes in cisagov/skeleton-generic#201.

Co-authored-by: Nick M <[email protected]>
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Apr 21, 2025
@github-advanced-security
Copy link

github-advanced-security bot commented Apr 21, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@jsf9k jsf9k added version bump This issue or pull request increments the version number dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code security This issue or pull request addresses a security issue labels Apr 24, 2025
@jsf9k jsf9k force-pushed the lineage/skeleton branch from 47db60f to 6ab5dba Compare April 24, 2025 15:53
@jsf9k jsf9k marked this pull request as ready for review April 24, 2025 16:34
@jsf9k jsf9k requested a review from a team April 24, 2025 16:35
@jsf9k jsf9k merged commit 91888d9 into develop Apr 24, 2025
110 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch April 24, 2025 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

+1 more reviewer

@dv4harr10 dv4harr10 dv4harr10 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code security This issue or pull request addresses a security issue upstream update This issue or pull request pulls in upstream updates version bump This issue or pull request increments the version number

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@cisagovbot @dav3r @dv4harr10 @felddy @jsf9k @mcdonnnj