Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton #245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jsf9k merged 58 commits into from
Oct 22, 2025
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton #245

jsf9k merged 58 commits into from
Oct 22, 2025

Conversation

@cisagovbot
Copy link

@cisagovbot cisagovbot commented Sep 24, 2025
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

The lineage/skeleton branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/code-gov-update.git code-gov-update
cd code-gov-update
git remote add skeleton https://github.com/cisagov/skeleton-docker.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the branch, commit, and push your changes:

    git add Dockerfile 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

mcdonnnj and others added 30 commits May 28, 2025 11:15
@mcdonnnj
Add a configuration block for pre-commit.ci
4d88c8b 
This adds a `ci` block to the pre-commit configurations to control the
behavior of the pre-commit.ci GitHub app.
@mcdonnnj
Use a version tag for cisagov/setup-env-github-action
3b58427 
We currently use the `develop` branch as our reference for the
cisagov/setup-env-github-action action in the build workflow. We will
instead use the major version tag which puts our usage of this action
in line with how we use other actions in our workflows.
@mcdonnnj
Add a configuration to automatically label pull requests
f891704 
This includes updating the dependabot configuration, adding a new
`label-prs.yml` GitHub Actions workflow, and adding a suitable
configuration file for the actions/labeler action used by the
aforementioned workflow.
@dependabot
Bump library/python from 3.13.5-alpine3.22 to 3.13.7-alpine3.22
b6c32f2 
Bumps library/python from 3.13.5-alpine3.22 to 3.13.7-alpine3.22.

---
updated-dependencies:
- dependency-name: library/python
  dependency-version: 3.13.7-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj @dependabot
Bump actions/labeler from 5 to 6
0aba281 
Bumps [actions/labeler](https://github.com/actions/labeler) from 5 to 6.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](actions/labeler@v5...v6)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump aquasecurity/trivy-action from 0.33.0 to 0.33.1
35bac1f 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.0 to 0.33.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.33.0...0.33.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/setup-python from 5 to 6
507fe98 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/setup-go from 5 to 6
428ab61 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Adjust the labels dependabot uses
623a983 
Instead of using the default labels for the `github-actions` package
ecosystem we specify the labels explicitly. This is done to ensure that
dependabot uses our `github-actions` label instead of the default of
`github_actions`. We must also explicitly specify the `dependencies`
label since we are overriding the default label values.
@mcdonnnj
Add a dependabot configuration for Docker Compose
50c0ad8 
This should produce dependabot PRs for Docker images defined in the
Docker composition in this project.
@mcdonnnj
Adjust GNU getopt check logic in the setup-env script
03065cd 
Change the check from looking for specific text in the version output
to using the `--test` option. This will provide a more robust
implementation of this check that does not have to worry about output
format stability.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Merge pull request #212 from cisagov/improvement/use_tag_not_branch
dd78561 
Use a version tag for `cisagov/setup-env-github-action`
@mcdonnnj
Merge pull request #216 from cisagov/dependabot/github_actions/action…
c2a8218 
…s/setup-python-6

Bump actions/setup-python from 5 to 6
@mcdonnnj
Merge pull request #217 from cisagov/dependabot/github_actions/action…
4f7398e 
…s/setup-go-6

Bump actions/setup-go from 5 to 6
@mcdonnnj
Merge pull request #213 from cisagov/improvement/add_ci_config_to_pre…
4d30d44 
…-commit_config

Add a configuration block for pre-commit.ci
@mcdonnnj
Merge pull request #215 from cisagov/improvement/add_pr_auto_labelling
deb2480 
Add a configuration to automatically label pull requests
@mcdonnnj
Merge pull request #218 from cisagov/improvement/adjust_dependabot_la…
ad43910 
…bels

Adjust the labels dependabot uses for GitHub Actions updates
@mcdonnnj
Merge pull request #221 from cisagov/improvement/adjust_gnu_getopt_ch…
b45b24c 
…eck_logic

Adjust the logic used to check for GNU getopt in the `setup-env` script
@dependabot
Bump actions/checkout from 4 to 5
c7e1ce8 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Merge pull request #214 from cisagov/dependabot/github_actions/action…
a27070a 
…s/checkout-5

Bump actions/checkout from 4 to 5
@mcdonnnj
Update pre-commit hook versions
d070095 
This is done automatically with the `pre-commit autoupdate` command.
@mcdonnnj
Conform to new markdownlint rule
ee20b2a 
A new rule, `MD059/descriptive-link-text`, was added in markdownlint's
0.38.0 release, which itself is used in v0.45.0 of markdownlint-cli. As
such, we must update to conform to the new rule.
@mcdonnnj
Bump version from 0.0.1-rc.1 to 1.0.0
5bde44c
@mcdonnnj
Merge pull request #220 from cisagov/maintenance/update_pre-commit_hooks
37010e5 
Update `pre-commit` hook versions
@jsf9k
Merge remote-tracking branch 'skeleton/develop' into lineage/skeleton
cb19850
@jsf9k
Sync bandit versions used in pre-commit config
ca3226e
@jsf9k
Update GitHub actions to versions used upstream
d946283
@jsf9k
Add python configuration to labeler
f2a3280
@jsf9k
Add test code to labeler configuration
a197a7a
@jsf9k
Correct version file location in labeler configuration
0f35673
@jsf9k jsf9k unassigned dav3r and mcdonnnj Oct 17, 2025
@jsf9k jsf9k moved this to In Progress in CyHy System Oct 17, 2025
jsf9k added 4 commits October 17, 2025 15:41
@jsf9k
Merge remote-tracking branch 'skeleton-docker/develop' into lineage/s…
607079d 
…keleton
@jsf9k
Add new Dependabot ignore directive from upstream
32632a6
@jsf9k
Make links more descriptive
bd9a10b 
This gets rid of two errors from our markdownlint pre-commit linter.
@jsf9k
Upgrade to Python 3.12.12
4ef6859 
This is the version of Python currently offered by Alpine Linux 3.22,
so this is a necessary change.
@jsf9k jsf9k force-pushed the lineage/skeleton branch 3 times, most recently from 4c1dc07 to 6d1ca8e Compare October 20, 2025 17:06
@jsf9k
Add gcc, libffi-dev, and musl-dev as system package dependencies
6d1ca8e 
These packages are necessary to build the cffi wheel for the 386
platform.
@jsf9k jsf9k marked this pull request as ready for review October 20, 2025 17:38
@jsf9k jsf9k enabled auto-merge October 20, 2025 17:39
@jsf9k
Copy link
Member

jsf9k commented Oct 20, 2025
edited
Loading

@mcdonnnj - Do you think a version bump is warranted here, since we are now using Python 3.12.12? If so, would that be a patch bump?

@dav3r
Copy link
Member

dav3r commented Oct 20, 2025

@mcdonnnj - Do you think a version bump is warranted here, since we are now using Python 3.12? If so, would that be a patch bump?

Do you mean now that we are moving from Python 3.12.11 to 3.12.12?

@mcdonnnj
Copy link
Member

mcdonnnj commented Oct 20, 2025

@mcdonnnj - Do you think a version bump is warranted here, since we are now using Python 3.12.12? If so, would that be a patch bump?

I would prefer to leave the version as-is so I can bump it in #229 this week and cut a new release after testing.

@jsf9k
Copy link
Member

jsf9k commented Oct 21, 2025

I would prefer to leave the version as-is so I can bump it in #229 this week and cut a new release after testing.

Can we still merge this one first and then you can rebase #229? I really don't want to rebase this one.

@mcdonnnj
Copy link
Member

mcdonnnj commented Oct 21, 2025

I would prefer to leave the version as-is so I can bump it in #229 this week and cut a new release after testing.

Can we still merge this one first and then you can rebase #229? I really don't want to rebase this one.

Yes, that's the plan.

mcdonnnj
mcdonnnj approved these changes Oct 22, 2025
View reviewed changes
Copy link
Member

@mcdonnnj mcdonnnj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this LGTM ✔ One small suggestion for your consideration.

@jsf9k @mcdonnnj
Make link text a bit more specific
fdaea8e 
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k jsf9k merged commit c9f1e22 into develop Oct 22, 2025
27 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch October 22, 2025 14:26
@github-project-automation github-project-automation bot moved this from In Progress to Done in CyHy System Oct 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dav3r dav3r dav3r approved these changes

@mcdonnnj mcdonnnj mcdonnnj approved these changes

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code documentation This issue or pull request improves or adds to documentation github-actions Pull requests that update GitHub Actions code upstream update This issue or pull request pulls in upstream updates

Projects

CyHy System
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cisagovbot @jsf9k @dav3r @mcdonnnj