Lineage pull request for: skeleton #32
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Co-authored-by: dav3r <[email protected]>
Co-authored-by: dav3r <[email protected]>
Add the `check-useless-excludes` meta hook to verify that any defined `exclude` directives apply to at least one file in the repository.
Instead of manually installing Packer we can instead leverage the hashicorp/setup-packer Action just as we do for Terraform.
He is no longer a member of @cisagov/vm-dev.
Previously we only provided a lower bound for the version, but pinning to a specific version aligns with what has been done with the prettier hook and how pre-commit hooks are pinned in general. The flake8-docstrings package is rarely updated, so there is no real downside to pinning to a specific version. Co-authored-by: Nick <[email protected]>
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4. - [Release notes](https://github.com/crazy-max/ghaction-github-status/releases) - [Commits](crazy-max/ghaction-github-status@v3...v4) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-status dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
This is done automatically with the `pre-commit autoupdate` command. The pre-commit/mirrors-prettier hook was manually held back because the latest tags are for alpha releases of the next major version.
Use the latest v3 release available from NPM.
…max/ghaction-github-status-4 Bump crazy-max/ghaction-github-status from 3 to 4
…s/cache-4 Bump actions/cache from 3 to 4
Use an Action to install Packer in our GitHub Actions workflows
…hon-version-checks Add checks for correct semantic version of Python
Remove @jasonodoom as a codeowner
The pip-audit tool will audit any supplied pip requirements files for vulnerable packages.
…hook Add the `check-useless-excludes` hook to the pre-commit configuration
…mmit_hook Add a pre-commit hook to run `pip-audit`
This agrees with the advice for Terraform modules given here: https://developer.hashicorp.com/terraform/language/expressions/version-constraints#terraform-core-and-provider-versions Note that these changes should not be made to root modules.
…ictions Loosen version restrictions
cisagovbot
requested review from
dav3r,
felddy,
jsf9k and
mcdonnnj
as code owners
cisagovbot
added
the
upstream update
This is being done because the pip-audit pre-commit hook identifies a vulnerability in ansible-core version 2.16.13. Note that this requires that we bump up ansible to version 10 since all versions of ansible 9 have a dependency on ~=2.16.X.
dav3r
approved these changes
Nov 12, 2024
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10. Co-authored-by: Nick M <[email protected]>
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <[email protected]>
…n-for-ansible-core Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version Update the version of the `ansible-lint` `pre-commit` hook
Lineage pull request for: skeleton
jsf9k
approved these changes
Nov 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-tf-module.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
✅ Pre-approval checklist
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage