Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton#58

Merged
jsf9k merged 40 commits intodevelopfrom
lineage/skeleton
Apr 1, 2025
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton#58
jsf9k merged 40 commits intodevelopfrom
lineage/skeleton

Conversation

@cisagovbot
Copy link

@cisagovbot cisagovbot commented Mar 28, 2025
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/pre-commit-packer.git pre-commit-packer
cd pre-commit-packer
git remote add skeleton https://github.com/cisagov/skeleton-generic.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/dependabot.yml bump-version requirements-dev.txt 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

jsf9k and others added 30 commits November 20, 2024 14:40
@jsf9k
Fix spelling error in comment
162e2c2
@mcdonnnj
Adjust the indentation rule for yamllint
5a3ac91 
Use a specific number of spaces instead of the default of only caring
if the number of spaces used is consistent within a file. Ensure that
block sequences inside of mappings are indented.
@mcdonnnj
Update yamllint to disallow non-empty flow collection styles
ac080ed 
The use of flow sequences and mappings is not as readable as block
collections and so should be discouraged. Since it is a cleaner
representation for empty collections we will allow those, but if an
application otherwise requires flow collections they can be explicitly
enabled by disabling the checks per
https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
@mcdonnnj
Add yamllint configuration settings to appease ansible-lint
66cdbf5 
When running ansible-lint it will throw the following warning with our
current configuration:
WARNING  Found incompatible custom yamllint configuration (.yamllint), please either remove the file or edit it to comply with:
  - comments.min-spaces-from-content must be 1
  - braces.max-spaces-inside must be 1
  - octal-values.forbid-implicit-octal must be true
  - octal-values.forbid-explicit-octal must be true.
Thus we implement these configuration rules.
@mcdonnnj
Re-enable the yamllint truthy rule
dd102fe 
Previously we disabled the `truthy` rule due to Ansible's use of
`yes`/`no` for boolean values. That is no longer the case and the
default configuration used by ansible-lint now has this rule enabled.
The use of `on` as a key in GitHub Actions workflow syntax means we
needed to add disable-line comments for the truthy rule.
@mcdonnnj
Configure quoted strings rule for yamllint
dc891af 
Add a configuration for the `quoted-strings` rule that matches our best
practices. Other files are updated to comply with these new settings.
@jsf9k
Add version file and bump_version script
03933fe 
Also add semver as a dev requirement.

I'd like to start versioning descendants of skeleton-ansible-role (in
anticipation of pinning Ansible role versions at a future date), and I
thought it would make sense to go ahead and implement this at the
skeleton-generic level to force us to start versioning all
repositories.

Repositories that already version can ignore these changes when they
flow down via Lineage, since they will already have their own version
files and version-bumping script.
@jsf9k
Bump version from 0.0.1 to 0.0.1-rc.1
3401551
@mcdonnnj
Update pre-commit hook versions
5b5a526 
This is done automatically with the `pre-commit autoupdate` command.
@jsf9k
Merge pull request #198 from cisagov/improvement/fix-spelling-error-i…
e0f5911 
…n-comment

Fix spelling error in comment
@jsf9k
Merge pull request #200 from cisagov/improvement/update_yamllint_rules
b35dec3 
Update our yamllint configuration file
@jsf9k
Apply our standard job preamble via cisagov/action-job-preamble
da028ea 
This new action simply applies our standard permissions monitoring and
runner hardening.  Using it allows us to DRY out the GH Actions
workflows in our skeleton repositories a bit.
@jsf9k
Set actions_permissions_config input
0e93632
@jsf9k
Add a friendly name to the cisagov/action-job-preamble steps
8b2ac55
@jsf9k @mcdonnnj
Add a Dependabot ignore directive for cisagov/action-job-preamble
864b5af 
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Update input name for cisagov/action-job-preamble
8cdce2a
@jsf9k @mcdonnnj
Remove two Dependabot ignore directives
17b93ec 
GitHubSecurityLab/actions-permissions and step-security/harden-runner
are no longer direct dependencies since we are now using
cisagov/action-job-preamble.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble in sync-labels.yml workflow
6a9e331 
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Use v1 tag of cisagov/action-job-preamble
b5b3b9d
@jsf9k @mcdonnnj
Re-add comment explaining where the org var comes from
3ec1b1f 
Flesh out the comment a little so its meaning is clearer.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k @mcdonnnj
Flesh out org var comment even more
764df0c 
Make sure to mention that the permissions monitoring config can be
changed by creating a repo-level variable; there is no need to modify
the workflow.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Subsume GH status checks and context dumping into cisagov/action-job-…
c271b40 
…preamble

This action supports this functionality now, so we may as well take
advantage of it.

Also disable GH permissions monitoring, since that functionality is
poorly implemented and has been causing a lot of problems due to the
MITM implementation hogging or leaking memory.
@jsf9k
Merge pull request #201 from cisagov/improvement/use-job-preamble-action
f35dcbc 
Apply our standard job preamble via cisagov/action-job-preamble
@jsf9k
Add a CodeQL workflow to this repository
c4b192b 
CodeQL now supports GitHub Actions as a language, so it makes sense to
add such a workflow to this repository.

See this link for more details:
https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview/
@jsf9k @mcdonnnj
Update comment to match what is in cisagov/skeleton-docker
0032cc2 
Also correctly sort YAML keys.

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble
0534337 
This aligns with the changes in cisagov/skeleton-generic#201.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Add the CodeQL action to the Dependabot configuration
adea10c 
Children of this skeleton repository will require this Dependabot
ignore directive.
@jsf9k
Use cisagov/action-job-preamble instead of separate actions
5dfe5df 
Use cisagov/action-job-preamble instead of
crazy-max/ghaction-github-status and crazy-max/ghaction-dump-context
directly.
@jsf9k
Add a workflow to run actions/dependency-review-action
d740ee8 
This action reviews dependency changes for vulnerabilities and license
changes.
@jsf9k @mcdonnnj
Use cisagov/action-job-preamble
a446dde 
This aligns with the changes in cisagov/skeleton-generic#201.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
jsf9k and others added 4 commits March 27, 2025 19:30
@jsf9k
Merge pull request #204 from cisagov/feature/version-all-the-things
4b2bc42 
Add version file and `bump-version` script
@jsf9k
Merge pull request #205 from cisagov/maintenance/update_pre-commit_hooks
ca757aa 
Update `pre-commit` hook versions
@jsf9k @mcdonnnj
Do not disable GitHub permissions monitoring by default
028f652 
But do leave a commented-out line that can be uncommented to do so.
The idea is that we should only comment out this functionality where
we really must.

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@mcdonnnj
Merge pull request #206 from cisagov/improvement/do-not-disable-perms…
d289ef3 
…-monitoring-by-default

Do not disable GitHub permissions monitoring by default
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Mar 28, 2025
@github-advanced-security
Copy link

github-advanced-security bot commented Mar 28, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@jsf9k jsf9k added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code security This issue or pull request addresses a security issue labels Apr 1, 2025
@jsf9k jsf9k force-pushed the lineage/skeleton branch from d29102f to 3786e40 Compare April 1, 2025 16:46
@jsf9k jsf9k marked this pull request as ready for review April 1, 2025 16:52
@jsf9k jsf9k enabled auto-merge April 1, 2025 16:53
@jsf9k jsf9k requested a review from a team April 1, 2025 16:53
@jsf9k jsf9k merged commit 1d4dcd6 into develop Apr 1, 2025
12 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch April 1, 2025 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

+1 more reviewer

@dv4harr10 dv4harr10 dv4harr10 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code security This issue or pull request addresses a security issue upstream update This issue or pull request pulls in upstream updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@cisagovbot @dav3r @dv4harr10 @felddy @jsf9k @mcdonnnj