Lineage pull request for: skeleton #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cisagovbot
requested review from
dav3r,
felddy,
jsf9k and
mcdonnnj
as code owners
cisagovbot
added
the
upstream update
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Co-authored-by: Nick <[email protected]>
…up-env files Co-authored-by: Nick <[email protected]>
@mcdonnnj correctly pointed out that other projects add their own configuration files that match, e.g., the /.*.yaml pattern. We want to ensure that we only own the linter configuration files from the skeleton. Co-authored-by: Nick <[email protected]>
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps python from 3.11.4-alpine to 3.12.0-alpine. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
It's good to agree everywhere with the changes we made to the build.yml workflow in cisagov/skeleton-generic#144.
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@v2...v3) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
We prefer block style to flow style for sequences and mappings in YAML.
We prefer to alphabetize mapping keys in YAML documents whenever possible.
This should improve compatibility with merge queues. We configure it to only trigger on the `checks_requested` type which is currently the only supported type for this trigger. If additional types are added in the future they should be added if appropriate.
⚠️ CONFLICT! Lineage pull request for: skeleton
…alpine Bump python from 3.11.4-alpine to 3.12.0-alpine
…for-codeql-workflow Add a diagnostics job to the CodeQL workflow
Modify comment referencing "stopped" parameter
…_script Enhance the functionality of the `bump_version.sh` script
…/login-action-3 Bump docker/login-action from 2 to 3
…/setup-buildx-action-3 Bump docker/setup-buildx-action from 2 to 3
…/setup-qemu-action-3 Bump docker/setup-qemu-action from 2 to 3
Install the core Python packages (pip, setuptools, and wheel) into the system Python environment before installing pipenv. This keeps things consistent with our usual approach to Python environments.
The comment references a command that is no longer being run. Co-authored-by: Shane Frasier <[email protected]>
Co-authored-by: dav3r <[email protected]>
Change the tags used in the table to match the version of the project. Previously "1.2.3" was used as an example version but there is no reason not to use the real version of the image.
…tion Install Python dependencies with `pipenv`
Update the README
Update the Dockerfile and testing to accommodate changes in the new version.
Update dependencies
Co-authored-by: dav3r <[email protected]>
The version of Python listed in the Pipfile is updated to match the new Docker image tag.
- pip from 24.0 to 24.3.1 - pipenv from 2023.12.1 to 2024.4.0 - setuptools from 69.1.1 to 75.6.0 - wheel from 0.42.0 to 0.45.1
Update the dependencies installed in the Python virtual environment by running `pipenv lock` in the `src/` directory.
Update image dependencies
This resolves the following warning from Docker when building the image: FromAsCasing: 'as' and 'FROM' keywords' casing do not match Co-authored-by: Shane Frasier <[email protected]>
…nfiguration Update Dockerfile configuration
Currently there is a bug in the script's logic that prevents you from running `./bump-version prerelease` to bump _just_ the prerelease. This is due to faulty checking logic to ensure expected behavior when combining bump commands.
Instead of using the CSV style in an environment variable we can instead use a newline delimited list directly for the `platforms` input. Since the environment variable is only used to provide a value for the `platforms` input there should be no issue with this change.
…p_prereleases Ensure the `bump-version` script can bump pre-releases
…ms_in_environment_variable Stop using an environment variable to store the list of platforms to build
Switch to using the docker/metadata-action GitHub Action to generate Docker image metadata. This replaces manually specifying the labels and calculating appropriate tags. This approach will both be easier as well as eliminate some of the issues we've had with manually calculating the image tags.
Update the test configuration to only check the org.opencontainers.image.version label on releases. We must make this change because the docker/metadata-action will only populate the label with an appropriate value on a release. Otherwise it will be the branch that is sourced when building the image.
Use the `docker/metadata-action` GitHub Action to generate our image metadata
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-docker.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage