⚠️ CONFLICT! Lineage pull request for: skeleton#216
Draft
cisagovbot wants to merge 330 commits intodevelopfrom
Draft
⚠️ CONFLICT! Lineage pull request for: skeleton#216cisagovbot wants to merge 330 commits intodevelopfrom
cisagovbot wants to merge 330 commits intodevelopfrom
Conversation
…s/setup-python-5 Bump actions/setup-python from 4 to 5
Update `pre-commit` hooks
…steps Set the default `shell` for all `run` steps in the `build` workflow
…pecify_python Allow setup-env to specify Python version
…om_action Use `cisagov/setup-env-github-action` to provide the Python and Go versions to use
…ok_for_shfmt Switch the pre-commit hook used to run `shfmt`
Add a pre-commit hook to run `goimports`
…upport_terraform-docs Add ATX Header Support for `terraform-docs`
This hook bundles the binaries for shellcheck with a Python package which removes the need to ensure the tool is installed for the hook to function. It also ties the version of shellcheck used to the hook which will help guarantee consistency.
…ok_for_shellcheck Switch the pre-commit hook used to run `shellcheck`
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
Co-authored-by: dav3r <david.redmin@trio.dhs.gov>
Add the `check-useless-excludes` meta hook to verify that any defined `exclude` directives apply to at least one file in the repository.
# Conflicts: # .github/workflows/build.yml # .pre-commit-config.yaml # CONTRIBUTING.md
cisagovbot
assigned
aloftus23,
cduhn17,
Matthew-Grayson,
nickviola,
rapidray12 and
schmelz21
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6. - [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases) - [Commits](crazy-max/ghaction-github-labeler@v5...v6) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@v3...v4) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This warning contradicts the Black style so it must be ignored.
Make the ignore commenting consistent with the select commenting. Break up each comment/directive with an empty line.
This adds the flake8-bugbear plugin to our pre-commit configuration. Note that flake8 is already configured to use this plugin's warnings.
Add the dlint plugin to our flake8 configuration for pre-commit. Update the flake8 configuration to select these new warnings.
Add the flake8-noqa plugin to the flake8 portion of our pre-commit configuration. Update the flake8 configuration to select these new warnings.
Add the pep8-naming plugin to the flake8 portion of our pre-commit configuration. Update the flake8 configuration to select these new warnings.
Add the flake8-comprehensions plugin to the flake8 portion of our pre-commit configuration. Update the flake8 configuration to select these new warnings.
When explaining the items selected or ignored in the configuration we now preface each line with the prefix/code it pertains to in the configuration. Also break apart the pycodestyle prefixes into their own lines.
The `go-critic` pre-commit hook from the TekWizely/pre-commit-golang repo expects the binary to be called `go-critic` now. As a result, the current tool installation in the `build.yml` workflow results in the following error when pre-commit is run in GitHub Actions: error: command not found: go-critic
The file is not used to configure anything bandit does by default so we can safely remove it and updated the pre-commit configuration. This is also acceptable because the configuration file has been removed downstream in cisagov/skeleton-python-library already.
Change two reference URLs in the flake8 configuration to use `https://` instead of `http://`. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Change a reference URL in the flake8 configuration because `pydocstyle.org` domain ownership appears to have lapsed. Instead point to the source file in the archived GitHub repository. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Attribute the error codes we are ignoring to the correct source package. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This extends our usage of the antonbabenko/pre-commit-terraform hook collection. This new hook will automatically ensure that a Terraform lock file includes hashes for all of our supported platforms.
We have to ignore this vulnerability for now since an update for pygments has not yet been released. In any event, this vulnerability is unlikely to cause us any problems since we don't feed any regexes to pygments directly. See also: - cisagov/skeleton-generic#257 - https://nvd.nist.gov/vuln/detail/CVE-2026-4539 - pygments/pygments#3058 Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Ignore a vulnerability originating from `pygments`
…orp/setup-terraform-4 Bump hashicorp/setup-terraform from 3 to 4
…max/ghaction-github-labeler-6 Bump crazy-max/ghaction-github-labeler from 5 to 6
This is done automatically with the pre-commit autoupdate command.
Newer versions of the hook require Python 3.14, but we are still using Python 3.13 in our GitHub Actions configuration.
Install the `go-critic` command instead of `gocritic` in the `build.yml` workflow
…uration Add additional plugins to the `flake8` pre-commit configuration
…to_lock_terraform_providers Add a pre-commit hook to lock Terraform providers automatically
Update `pre-commit` hook versions
…uration_file Remove the bandit configuration file
# Conflicts: # .bandit.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-generic.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage