⚠️ CONFLICT! Lineage pull request for: skeleton #64
+297
−98
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Co-authored-by: dav3r <[email protected]>
Co-authored-by: dav3r <[email protected]>
Add the `check-useless-excludes` meta hook to verify that any defined `exclude` directives apply to at least one file in the repository.
Since we have a version pin of some kind for the molecule package in the `requirements-test.txt` file it makes sense to ensure this dependency is centrally managed.
Now that we always run systemd-enabled Docker images for our Molecule testing it makes sense to always do this.
Instead of manually installing Packer we can instead leverage the hashicorp/setup-packer Action just as we do for Terraform.
He is no longer a member of @cisagov/vm-dev.
Previously we only provided a lower bound for the version, but pinning to a specific version aligns with what has been done with the prettier hook and how pre-commit hooks are pinned in general. The flake8-docstrings package is rarely updated, so there is no real downside to pinning to a specific version. Co-authored-by: Nick <[email protected]>
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4. - [Release notes](https://github.com/crazy-max/ghaction-github-status/releases) - [Commits](crazy-max/ghaction-github-status@v3...v4) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-status dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
This is done automatically with the `pre-commit autoupdate` command. The pre-commit/mirrors-prettier hook was manually held back because the latest tags are for alpha releases of the next major version.
Use the latest v3 release available from NPM.
…max/ghaction-github-status-4 Bump crazy-max/ghaction-github-status from 3 to 4
…s/cache-4 Bump actions/cache from 3 to 4
Use an Action to install Packer in our GitHub Actions workflows
…hon-version-checks Add checks for correct semantic version of Python
Remove @jasonodoom as a codeowner
The pip-audit tool will audit any supplied pip requirements files for vulnerable packages.
Fedora 41 was released on October 29th: https://www.redhat.com/en/blog/announcing-fedora-41
Note that this is being done for testing purposes, and this change can be reverted once cisagov/ansible-role-upgrade#66 is merged.
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
We can do this now that cisagov/ansible-role-upgrade#66 has been merged.
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10. Co-authored-by: Nick M <[email protected]>
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core accordingly (>2.16.13), but the earlier pin of ansible>=10 effectively pins ansible-core to >=2.17 so that's what we do here. Co-authored-by: Nick M <[email protected]>
With this task in place the GitHub runners run out of resources and crash.
This is being done only temporarily, and only because there is no recent version of ansible-core that does not exhibit the vulnerability. Without this change we get a failure from the pip-audit pre-commit hook that we cannot do anything about. See cisagov/skeleton-ansible-role#210 for more details.
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <[email protected]>
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <[email protected]>
…n-for-ansible-core Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version Update the version of the `ansible-lint` `pre-commit` hook
…ndabot Add a dependabot ignore directive for `molecule`
…tialization-for-fedora Add logic to wait for `systemd` initialization to complete on Fedora
We do this because pytest-testinfra 10.1.1 contains a fix for SystemdService.exists that is required by some roles' Molecule test code. Note that we also add a corresponding line to the Dependabot configuration so that descendant repos know this dependency is managed here. Co-authored-by: Nick <[email protected]>
Add a lower-bound pin for `pytest-testinfra`
…pin-for-ansible-core Bump up the lower bound on `ansible-core`
Lineage pull request for: skeleton
…ra-41 Add support for Fedora 41
…keleton # Conflicts: # .github/CODEOWNERS # .github/dependabot.yml
cisagovbot
added
the
upstream update
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-ansible-role.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage