⚠️ CONFLICT! Lineage pull request for: skeleton#64
Merged
Conversation
Use a specific number of spaces instead of the default of only caring if the number of spaces used is consistent within a file. Ensure that block sequences inside of mappings are indented.
The use of flow sequences and mappings is not as readable as block collections and so should be discouraged. Since it is a cleaner representation for empty collections we will allow those, but if an application otherwise requires flow collections they can be explicitly enabled by disabling the checks per https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
When running ansible-lint it will throw the following warning with our current configuration: WARNING Found incompatible custom yamllint configuration (.yamllint), please either remove the file or edit it to comply with: - comments.min-spaces-from-content must be 1 - braces.max-spaces-inside must be 1 - octal-values.forbid-implicit-octal must be true - octal-values.forbid-explicit-octal must be true. Thus we implement these configuration rules.
Previously we disabled the `truthy` rule due to Ansible's use of `yes`/`no` for boolean values. That is no longer the case and the default configuration used by ansible-lint now has this rule enabled. The use of `on` as a key in GitHub Actions workflow syntax means we needed to add disable-line comments for the truthy rule.
Add a configuration for the `quoted-strings` rule that matches our best practices. Other files are updated to comply with these new settings.
Also add semver as a dev requirement. I'd like to start versioning descendants of skeleton-ansible-role (in anticipation of pinning Ansible role versions at a future date), and I thought it would make sense to go ahead and implement this at the skeleton-generic level to force us to start versioning all repositories. Repositories that already version can ignore these changes when they flow down via Lineage, since they will already have their own version files and version-bumping script.
This is done automatically with the `pre-commit autoupdate` command.
…n-comment Fix spelling error in comment
Update our yamllint configuration file
This new action simply applies our standard permissions monitoring and runner hardening. Using it allows us to DRY out the GH Actions workflows in our skeleton repositories a bit.
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
GitHubSecurityLab/actions-permissions and step-security/harden-runner are no longer direct dependencies since we are now using cisagov/action-job-preamble. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Flesh out the comment a little so its meaning is clearer. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Make sure to mention that the permissions monitoring config can be changed by creating a repo-level variable; there is no need to modify the workflow. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
…preamble This action supports this functionality now, so we may as well take advantage of it. Also disable GH permissions monitoring, since that functionality is poorly implemented and has been causing a lot of problems due to the MITM implementation hogging or leaking memory.
Apply our standard job preamble via cisagov/action-job-preamble
CodeQL now supports GitHub Actions as a language, so it makes sense to add such a workflow to this repository. See this link for more details: https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview/
Also correctly sort YAML keys. Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This aligns with the changes in cisagov/skeleton-generic#201. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Children of this skeleton repository will require this Dependabot ignore directive.
Use cisagov/action-job-preamble instead of crazy-max/ghaction-github-status and crazy-max/ghaction-dump-context directly.
This action reviews dependency changes for vulnerabilities and license changes.
This aligns with the changes in cisagov/skeleton-generic#201. Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
⚠️ CONFLICT! Lineage pull request for: skeleton
In #221 we made all of the variables in the example module non-nullable but did not do the same to the `basic_usage` example. Since it uses variables beyond the requirements of the example module it makes sense to also specify the example's variables as non-nullable.
Specify all variables in the `basic_usage` example as non-nullable
cisagovbot
added
the
upstream update
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
jsf9k
added
version bump
dv4harr10
approved these changes
May 9, 2025
dav3r
approved these changes
May 12, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-tf-module.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
✅ Pre-merge checklist
bump_version.shscript if this repository is versioned and the changes in this PR warrant a version bump.✅ Post-merge checklist
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage