Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ CONFLICT! Lineage pull request for: skeleton #838

Merged
merged 30 commits into from
Nov 21, 2024
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton #838

merged 30 commits into from
Nov 21, 2024

Conversation

cisagovbot
Copy link

@cisagovbot cisagovbot commented Oct 30, 2024
edited by dav3r
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/cyhy_amis.git cyhy_amis
cd cyhy_amis
git remote add skeleton https://github.com/cisagov/skeleton-generic.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/dependabot.yml 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

mcdonnnj added 13 commits October 2, 2024 00:27
@mcdonnnj
Add a new trigger for the sync-labels GitHub Actions workflow
942c0dc 
Add a `workflow_dispatch` trigger so we can manually run the workflow
if needed.
@mcdonnnj
Remove unnecessary quotes in the sync-labels workflow
a267662
@mcdonnnj
Add four new hooks from pre-commit/pre-commit-hooks
dc7f09e
@mcdonnnj
Add the GitHubSecurityLab/actions-permissions/monitor Action
343d2cc 
This Action will provide information about the usage of GITHUB_TOKEN in
the workflow. It should be added to _every_ job in _any_ workflow to
provide information for analysis.
@mcdonnnj
Restrict permissions of GITHUB_TOKEN
8a77a8b 
This changes the default permissions for the GITHUB_TOKEN used in our
GitHub Actions configuration to the minimum required to successfully
run.
@mcdonnnj
Update pre-commit hook versions
3b1d4ef 
This is done automatically with the `pre-commit autoupdate` command.
@mcdonnnj
Sort hook ids in each pre-commit hook entry
1d285f2 
Ensure that all hook ids are sorted alphabetically in each hook entry
in our pre-commit configuration.
@mcdonnnj
Merge pull request #189 from cisagov/improvement/manually_run_sync-la…
5da1059 
…bels_workflow

Allow the `sync-labels` workflow to be run manually
@mcdonnnj
Merge pull request #190 from cisagov/improvement/add_actions-permissi…
ff221ba 
…ons-monitor

Add the `GitHubSecurityLab/actions-permissions/monitor` Action
@mcdonnnj
Merge pull request #191 from cisagov/improvement/github_tokenn_polp
971602a 
Explicitly define permissions of `GITHUB_TOKEN` in our GitHub Actions workflows
@mcdonnnj
Merge pull request #192 from cisagov/maintenance/update_pre-commit_hooks
bdf8a25 
Update `pre-commit` hook versions
@mcdonnnj
Merge pull request #193 from cisagov/improvement/add_more_pre-commit_…
6959971 
…hooks

Add additional hooks from `pre-commit/pre-commit-hooks`
@mcdonnnj
Merge pull request #194 from cisagov/improvement/ensure_pre-commit_ho…
f517db7 
…oks_are_sorted

Sort hook ids in each `pre-commit` hook entry
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Oct 30, 2024
@mcdonnnj
Update the commented out dependabot ignore directives
8824475 
Add a directive for hashicorp/setup-packer that was missed when it was
added to the `build` workflow. Add a directive for
cisagov/setup-env-github-action that is not strictly necessary since we
currently just pull from the `develop` branch, but is good to have in
case we were to change that in the future.
@mcdonnnj
Merge pull request #195 from cisagov/bug/add_missing_dependabot_ignore
e6afb68 
Add missing dependabot ignore directives
@mcdonnnj mcdonnnj added bug This issue or pull request addresses broken functionality improvement This issue or pull request will add or improve functionality, maintainability, or ease of use dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code labels Nov 5, 2024
@mcdonnnj
Merge github.com:cisagov/skeleton-generic into lineage/skeleton
d1768d7
@mcdonnnj
Enable new dependabot ignore directives
2a90bd7
@mcdonnnj
Add Actions permissions analysis to the CodeQL workflow
37ab2e4 
Add the GitHubSecurityLab/actions-permissions/monitor Action just as it
is in the `build` and `sync-labels` workflows.
@dav3r dav3r mentioned this pull request Nov 19, 2024
Open
dav3r and others added 2 commits November 19, 2024 11:24
@dav3r @mcdonnnj @jsf9k
Bump up the lower bounds on ansible and ansible-core
0b58650 
This is being done because the pip-audit pre-commit hook identifies a
vulnerability in ansible-core version 2.16.13.  Note that this
requires that we bump up ansible to version 10 since all versions of
ansible 9 have a dependency on ~=2.16.X.

Co-authored-by: Nick M <[email protected]>
Co-authored-by: Jeremy Frasier <[email protected]>
@dav3r @jsf9k
Ignore a particular ansible-core vulnerability
d8b5718 
This is being done only temporarily, and only because there is no
recent version of ansible-core that does not exhibit the
vulnerability.  Without this change we get a failure from the
pip-audit pre-commit hook that we cannot do anything about.

Co-authored-by: Jeremy Frasier <[email protected]>
@dav3r dav3r marked this pull request as ready for review November 19, 2024 16:45
jsf9k
jsf9k requested changes Nov 19, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want to keep this repo in sync with the recent changes in cisagov/skeleton-tf-module then I think:

  • terraform should be bumped to version 1.1 in versions.tf. This would require an update to the README.md file as well.
  • All Terraform variables should include nullable = false (or nullable = true, if appropriate)

See, e.g., cisagov/cool-userservices-dns#35.

@dav3r
Copy link
Member

dav3r commented Nov 19, 2024

If we want to keep this repo in sync with the recent changes in cisagov/skeleton-tf-module then I think:

  • terraform should be bumped to version 1.1 in versions.tf. This would require an update to the README.md file as well.
  • All Terraform variables should include nullable = false (or nullable = true, if appropriate)

See, e.g., cisagov/cool-userservices-dns#35.

@mcdonnnj Do you have any concerns or issues with me making the changes that @jsf9k mentioned above?

@mcdonnnj
Copy link
Member

If we want to keep this repo in sync with the recent changes in cisagov/skeleton-tf-module then I think:

* `terraform` should be bumped to version 1.1 in `versions.tf`.  This would require an update to the `README.md` file as well.

* All Terraform variables should include `nullable = false` (or `nullable = true`, if appropriate)

See, e.g., cisagov/cool-userservices-dns#35.

Also @dav3r. Those changes are fine, but I think they should be made separate to this PR.

@dav3r
Copy link
Member

dav3r commented Nov 19, 2024

If we want to keep this repo in sync with the recent changes in cisagov/skeleton-tf-module then I think:

* `terraform` should be bumped to version 1.1 in `versions.tf`.  This would require an update to the `README.md` file as well.

* All Terraform variables should include `nullable = false` (or `nullable = true`, if appropriate)

See, e.g., cisagov/cool-userservices-dns#35.

Also @dav3r. Those changes are fine, but I think they should be made separate to this PR.

@jsf9k I just chatted with @mcdonnnj about this and I agree with him. Since that nullable change is from skeleton-tf-module and this repo descends from skeleton-generic, it makes sense to put those nullable changes in a separate PR. I can take care of that. That being said, both @mcdonnnj and I think that this PR is now good to go.

@dav3r dav3r removed their assignment Nov 19, 2024
@dav3r dav3r mentioned this pull request Nov 19, 2024
Merged
7 tasks
@jsf9k
Copy link
Member

jsf9k commented Nov 19, 2024

If we want to keep this repo in sync with the recent changes in cisagov/skeleton-tf-module then I think:

* `terraform` should be bumped to version 1.1 in `versions.tf`.  This would require an update to the `README.md` file as well.

* All Terraform variables should include `nullable = false` (or `nullable = true`, if appropriate)

See, e.g., cisagov/cool-userservices-dns#35.

Also @dav3r. Those changes are fine, but I think they should be made separate to this PR.

@jsf9k I just chatted with @mcdonnnj about this and I agree with him. Since that nullable change is from skeleton-tf-module and this repo descends from skeleton-generic, it makes sense to put those nullable changes in a separate PR. I can take care of that. That being said, both @mcdonnnj and I think that this PR is now good to go.

See #843.

mcdonnnj
mcdonnnj reviewed Nov 20, 2024
View reviewed changes
.pre-commit-config.yaml Outdated Show resolved Hide resolved
requirements.txt Show resolved Hide resolved
jsf9k and others added 5 commits November 20, 2024 12:21
@jsf9k @mcdonnnj
Add comments about looming EOL issues for ansible and ansible-core
bd85261 
This adds even more evidence for why it is a good idea to go ahead and
upgrade ansible and ansible-core, in addition to the vulnerability
that pip-audit turned up.

Co-authored-by: Nick M <[email protected]>
@jsf9k
Merge pull request #196 from cisagov/improvement/add-a-lower-bound-pi…
f7ccd9a 
…n-for-ansible-core

Bump up the lower bound on `ansible-core`
@jsf9k
Merge pull request #197 from cisagov/improvement/upgrade-ansible-lint…
a794735 
…-pre-commit-hook-version

Update the version of the `ansible-lint` `pre-commit` hook
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
465040e 
# Conflicts:
#	.pre-commit-config.yaml
@jsf9k
Resolve conflicts from follow-on Lineage changes
9789fb3
@mcdonnnj mcdonnnj assigned jsf9k and dav3r and unassigned mcdonnnj Nov 21, 2024
@dav3r dav3r added this pull request to the merge queue Nov 21, 2024
Merged via the queue into develop with commit 648e30f Nov 21, 2024
9 checks passed
@dav3r dav3r deleted the lineage/skeleton branch November 21, 2024 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcdonnnj mcdonnnj mcdonnnj left review comments

@dav3r dav3r dav3r approved these changes

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@jsf9k jsf9k

@dav3r dav3r

Labels
bug This issue or pull request addresses broken functionality dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code improvement This issue or pull request will add or improve functionality, maintainability, or ease of use upstream update This issue or pull request pulls in upstream updates
Projects
CyHy System
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cisagovbot @dav3r @mcdonnnj @jsf9k @felddy