⚠️ CONFLICT! Lineage pull request for: skeleton#37
Merged
Conversation
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
The `pull_request` trigger's default activity types are `opened`, `reopened`, and `synchronized`. These types better represent when we want this workflow to run and the `edited` type was resulting in undesired workflow runs.
This is done automatically with the `pre-commit autoupdate` command.
The latest release supports the artifact-metadata permission that we are now using in the generate-sbom job of the build.yml GitHub Actions workflow in cisagov/skeleton-aws-lambda-python, cisagov/skeleton-docker, and cisagov/skeleton-python-library.
This will return the cache key to being a string with no new lines.
It is no longer necessary to install wheel alongside setuptools as of setuptools v70.1: https://github.com/pypa/wheel?tab=readme-ov-file#historical-note
This is done automatically with the pre-commit autoupdate command.
We rely on the default activity types for the pull_request event in our GitHub Actions workflows. This adds a comment mentioning that we do so and linking to the GitHub documentation for the event which details the specific activity types that are used by default. Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>
This is done automatically with the pre-commit autoupdate command.
Remove installation of `wheel` Python package
…s/cache-5 Bump actions/cache from 4 to 5
…ggers Adjust the activity types for the `pull_request` trigger in the `Label pull requests` workflow
…ting Adjust the `lint` job of the `build` workflow's cache key formatting
Update `pre-commit` hook versions
Now that I have two pull requests out for changes relevant to our work it makes sense to use a branch that consolidates any changes we need.
It is no longer necessary to install wheel alongside setuptools as of setuptools v70.1.
We need to update the comment about using a branch of mcdonnnj's terraform-docs fork to reflect that a second PR with different functionality is now included in the branch. Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
…s_branch Change the branch we use for installing terraform-docs
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6. - [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases) - [Commits](crazy-max/ghaction-github-labeler@v5...v6) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@v3...v4) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This warning contradicts the Black style so it must be ignored.
Make the ignore commenting consistent with the select commenting. Break up each comment/directive with an empty line.
This adds the flake8-bugbear plugin to our pre-commit configuration. Note that flake8 is already configured to use this plugin's warnings.
Add the dlint plugin to our flake8 configuration for pre-commit. Update the flake8 configuration to select these new warnings.
Add the flake8-noqa plugin to the flake8 portion of our pre-commit configuration. Update the flake8 configuration to select these new warnings.
github-actions
Bot
added
dependencies
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
This gets rid of some errors from our black pre-commit linter.
The error is related to our use of random.Random, but since we aren't generating random numbers for the purpose of cryptography it doesn't really matter.
This gets rid of an error from flake8 about an overly long line.
This gets rid of an error from flake8 about an overly long line. Since there is no whitespace in the line flake allows it to exist.
…ention This gets rid of an error from flake8.
This gets rid of an error from flake8.
jsf9k
approved these changes
May 4, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This Lineage PR brings in upstream skeleton-python-library updates, primarily modernizing tooling/linting configuration and GitHub Actions workflows for build/test automation.
Changes:
- Updated CI workflows (cache/action versions, job naming, artifact handling) and Dependabot grouping/ignore rules.
- Refreshed pre-commit hook versions and expanded Flake8 plugin selection/configuration in
pyproject.toml. - Minor Python/test cleanups and packaging guidance updates (
requirements.txt,setup-env).
Reviewed changes
Copilot reviewed 11 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
tests/test_lcgit.py |
Test refactor in iterator unpacking; currently breaks the state-restore test logic. |
src/lcgit/lcgit.py |
Lint/noqa annotations and minor style/docstring formatting adjustments. |
setup-env |
Adjusts pip bootstrap packages (drops wheel). |
requirements.txt |
Updates comment to reflect pyproject.toml-based dependency management; removes wheel. |
pyproject.toml |
Expands Flake8 selection/ignore configuration and updates doc links/comments. |
.pre-commit-config.yaml |
Bumps hook versions; adds Flake8 plugin deps; updates pip-audit config and Terraform hooks. |
.github/workflows/sync-labels.yml |
Bumps GitHub label sync action major version. |
.github/workflows/label-prs.yml |
Uses default pull_request activity types; adds explanatory comment. |
.github/workflows/dependency-review.yml |
Adds comment clarifying default pull_request activity types. |
.github/workflows/codeql-analysis.yml |
Adds comment clarifying default pull_request activity types. |
.github/workflows/build.yml |
Updates caching/actions; renames jobs; adjusts build deps and cache keys (includes issues noted). |
.github/dependabot.yml |
Adds action update grouping and adds pip ignore list for skeleton-managed deps. |
Comments suppressed due to low confidence (1)
tests/test_lcgit.py:62
test_state_save_and_restoreno longer captures the emitted iterator state. The loop now assigns the second tuple element to_state, butstateis never updated, so theif state:block never runs and the restore path is not exercised. Update the loop to store the emitted state (e.g., assignstate = _stateat the point you break) so the test actually validates save/restore behavior.
break_at = len(lcg1) / 2
count = 0
state = None
for i, _state in lcg1:
count += 1
accumulated.append(i)
if count == break_at:
break
assert (
len(lcg1) <= 1 or sorted(accumulated) != answer
), "accumulated list should NOT be identical to answer list yet"
if state: # empty sequences won't generate state
lcg2 = lcg(sequence, state)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with your project.
The
lineage/skeletonbranch has one or more unresolved merge conflicts that you must resolve before merging this pull request!How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts and possibly incorrect auto-merges.After resolving each of the conflicts,
addyour changes to the branch,commit, andpushyour changes:Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Note
You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage