Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton#16

Open
cisagovbot wants to merge 70 commits intodevelopfrom
lineage/skeleton
Open

⚠️ CONFLICT! Lineage pull request for: skeleton#16
cisagovbot wants to merge 70 commits intodevelopfrom
lineage/skeleton

Conversation

@cisagovbot
Copy link
Copy Markdown

@cisagovbot cisagovbot commented May 1, 2026
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-python-library.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

The lineage/skeleton branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/cyhy-config.git cyhy-config
cd cyhy-config
git remote add skeleton https://github.com/cisagov/skeleton-python-library.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the branch, commit, and push your changes:

    git add src/example/example.py 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot Bot and others added 30 commits December 15, 2025 18:26
@dependabot
Bump actions/cache from 4 to 5
d873ba4 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Remove itemized pull_request trigger types
ce44624 
The `pull_request` trigger's default activity types are `opened`,
`reopened`, and `synchronized`. These types better represent when we
want this workflow to run and the `edited` type was resulting in
undesired workflow runs.
@mcdonnnj
Update pre-commit hook versions
9c0d2b6 
This is done automatically with the `pre-commit autoupdate` command.
@jsf9k
Upgrade to the latest release of the check-jsonschema pre-commit hook
8cff529 
The latest release supports the artifact-metadata permission that we
are now using in the generate-sbom job of the build.yml GitHub Actions
workflow in cisagov/skeleton-aws-lambda-python,
cisagov/skeleton-docker, and cisagov/skeleton-python-library.
@mcdonnnj
Adjust the build workflow's cache key formatting
77f204a 
This will return the cache key to being a string with no new lines.
@jsf9k
Remove installation of wheel Python package
2fb5133 
It is no longer necessary to install wheel alongside setuptools as of
setuptools v70.1:
https://github.com/pypa/wheel?tab=readme-ov-file#historical-note
@jsf9k
Update pre-commit hook versions
6b9b731 
This is done automatically with the pre-commit autoupdate command.
@mcdonnnj @dav3r
Add a comment mentioning we use defaults
f55ce6a 
We rely on the default activity types for the pull_request event in our
GitHub Actions workflows. This adds a comment mentioning that we do so
and linking to the GitHub documentation for the event which details the
specific activity types that are used by default.

Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>
@mcdonnnj
Update pre-commit hook versions
57ee431 
This is done automatically with the pre-commit autoupdate command.
@mcdonnnj
Merge pull request #249 from cisagov/improvement/remove-wheel
7d62b5e 
Remove installation of `wheel` Python package
@mcdonnnj
Merge pull request #244 from cisagov/dependabot/github_actions/action…
9eac052 
…s/cache-5

Bump actions/cache from 4 to 5
@mcdonnnj
Merge pull request #245 from cisagov/improvement/adjust_label-prs_tri…
fe7eb42 
…ggers

Adjust the activity types for the `pull_request` trigger in the `Label pull requests` workflow
@mcdonnnj
Merge pull request #247 from cisagov/improvement/fix_cache_key_format…
ace1712 
…ting

Adjust the `lint` job of the `build` workflow's cache key formatting
@mcdonnnj
Merge pull request #246 from cisagov/maintenance/update_pre-commit_hooks
6ae498b 
Update `pre-commit` hook versions
@mcdonnnj
Change the branch used for terraform-docs
44f5b28 
Now that I have two pull requests out for changes relevant to our work
it makes sense to use a branch that consolidates any changes we need.
@jsf9k
Merge remote-tracking branch 'skeleton/develop' into lineage/skeleton
b7f47cd
@jsf9k
Ensure that the same version of bandit is used throughout pre-commit …
8574634 
…config
@jsf9k
Upgrade actions/cache to match version used in parent skeleton
a4ad9c6
@jsf9k
Remove installation of wheel alongside setuptools
60fcea1 
It is no longer necessary to install wheel alongside setuptools as of
setuptools v70.1.
@jsf9k
Fix some dangling references to setup.py
53f9b5f
@jsf9k
Clean up definitions of cache keys to match upstream
eac3451
@mcdonnnj @jsf9k
Update comment in the build workflow
4991be5 
We need to update the comment about using a branch of mcdonnnj's
terraform-docs fork to reflect that a second PR with different
functionality is now included in the branch.

Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
@jsf9k
Merge pull request #250 from cisagov/improvement/change_terraform-doc…
5df67a7 
…s_branch

Change the branch we use for installing terraform-docs
@dependabot
Bump crazy-max/ghaction-github-labeler from 5 to 6
816d175 
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump hashicorp/setup-terraform from 3 to 4
3d2fe82 
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v3...v4)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Add E203 to ignore list for flake8
2c37bcc 
This warning contradicts the Black style so it must be ignored.
@mcdonnnj
Reformat .flake8 configuration
0f44a77 
Make the ignore commenting consistent with the select commenting. Break
up each comment/directive with an empty line.
@mcdonnnj
Add the flake8-bugbear plugin
57ce573 
This adds the flake8-bugbear plugin to our pre-commit configuration.
Note that flake8 is already configured to use this plugin's warnings.
@mcdonnnj
Add dlint plugin for flake8
d1356e9 
Add the dlint plugin to our flake8 configuration for pre-commit. Update
the flake8 configuration to select these new warnings.
@mcdonnnj
Add the flake8-noqa plugin for flake8
0fd3256 
Add the flake8-noqa plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label May 1, 2026
@github-actions github-actions Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code python Pull requests that update Python code test This issue or pull request adds or otherwise modifies test code shell script Pull requests that update shell scripts labels May 1, 2026
@jsf9k jsf9k added this to CyHy System May 5, 2026
@jsf9k jsf9k moved this to In Progress in CyHy System May 5, 2026
jsf9k added 4 commits May 5, 2026 16:19
@jsf9k
Merge remote-tracking branch 'skeleton/develop' into lineage/skeleton
dde093f
@jsf9k
Uncomment new Dependabot ignore directives from upstream
d836103
@jsf9k
Correct Markdown table format
9a28817 
This gets rid of an error from our markdownlint pre-commit linter.
@jsf9k
Fix some overly long lines
aae57bb 
This gets rid of some errors from our flake8 pre-commit linter.
@jsf9k jsf9k force-pushed the lineage/skeleton branch from 24270c0 to aae57bb Compare May 5, 2026 20:27
@github-actions github-actions Bot added the documentation This issue or pull request improves or adds to documentation label May 5, 2026
@jsf9k jsf9k marked this pull request as ready for review May 5, 2026 21:15
Copilot AI review requested due to automatic review settings May 5, 2026 21:15
@jsf9k jsf9k requested review from dav3r, felddy, jsf9k and mcdonnnj as code owners May 5, 2026 21:15
@jsf9k jsf9k enabled auto-merge May 5, 2026 21:15
@jsf9k jsf9k requested a review from a team May 5, 2026 21:15
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR pulls in upstream skeleton maintenance updates for the repository’s Python packaging, pre-commit tooling, and GitHub Actions automation. The changes mostly align this repo with newer skeleton conventions and dependency management patterns.

Changes:

  • Refreshes CI and repository automation workflows, including action version bumps and job renaming in build.yml.
  • Updates development/tooling configuration in .pre-commit-config.yaml, pyproject.toml, requirements.txt, and setup-env.
  • Applies minor documentation/comment formatting updates in tests and README.md.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/test_cyhy_config.py Shortens several test docstrings without changing test behavior.
setup-env Stops upgrading/installing wheel during local environment setup.
requirements.txt Updates packaging guidance to pyproject.toml and removes wheel.
README.md Normalizes markdown table formatting.
pyproject.toml Expands Flake8 rule selection and ignore configuration comments.
.pre-commit-config.yaml Bumps many hook versions and adds new Flake8/Terraform-related tooling.
.github/workflows/sync-labels.yml Updates the repository-label sync action version.
.github/workflows/label-prs.yml Switches PR trigger config to default pull_request activity types.
.github/workflows/dependency-review.yml Adds explanatory comment for default PR trigger behavior.
.github/workflows/codeql-analysis.yml Adds explanatory comment for default PR trigger behavior.
.github/workflows/build.yml Updates action versions, cache keys, Terraform docs branch, and renames build/test jobs.
.github/dependabot.yml Adjusts Dependabot grouping/ignore rules for GitHub Actions and pip dependencies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r Awaiting requested review from dav3r dav3r is a code owner

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file documentation This issue or pull request improves or adds to documentation github-actions Pull requests that update GitHub Actions code python Pull requests that update Python code shell script Pull requests that update shell scripts test This issue or pull request adds or otherwise modifies test code upstream update This issue or pull request pulls in upstream updates

Projects

CyHy System
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@cisagovbot @jsf9k @felddy @dav3r @mcdonnnj