Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton#288

Merged
jsf9k merged 32 commits intodevelopfrom
lineage/skeleton
Mar 26, 2026
Merged

⚠️ CONFLICT! Lineage pull request for: skeleton#288
jsf9k merged 32 commits intodevelopfrom
lineage/skeleton

Conversation

@cisagovbot
Copy link
Copy Markdown

@cisagovbot cisagovbot commented Mar 26, 2026
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

The lineage/skeleton branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/skeleton-docker.git skeleton-docker
cd skeleton-docker
git remote add skeleton https://github.com/cisagov/skeleton-generic.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the branch, commit, and push your changes:

    git add .bandit.yml .pre-commit-config.yaml 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot bot and others added 28 commits March 2, 2026 20:23
@dependabot
Bump crazy-max/ghaction-github-labeler from 5 to 6
816d175 
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump hashicorp/setup-terraform from 3 to 4
3d2fe82 
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v3...v4)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Add E203 to ignore list for flake8
2c37bcc 
This warning contradicts the Black style so it must be ignored.
@mcdonnnj
Reformat .flake8 configuration
0f44a77 
Make the ignore commenting consistent with the select commenting. Break
up each comment/directive with an empty line.
@mcdonnnj
Add the flake8-bugbear plugin
57ce573 
This adds the flake8-bugbear plugin to our pre-commit configuration.
Note that flake8 is already configured to use this plugin's warnings.
@mcdonnnj
Add dlint plugin for flake8
d1356e9 
Add the dlint plugin to our flake8 configuration for pre-commit. Update
the flake8 configuration to select these new warnings.
@mcdonnnj
Add the flake8-noqa plugin for flake8
0fd3256 
Add the flake8-noqa plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.
@mcdonnnj
Add pep8-naming plugin for flake8
f3bf99f 
Add the pep8-naming plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.
@mcdonnnj
Add flake8-comprehensions plugin for flake8
b1503a0 
Add the flake8-comprehensions plugin to the flake8 portion of our
pre-commit configuration. Update the flake8 configuration to select
these new warnings.
@mcdonnnj
Adjust flake8 configuration comment format
3056053 
When explaining the items selected or ignored in the configuration we
now preface each line with the prefix/code it pertains to in the
configuration. Also break apart the pycodestyle prefixes into their own
lines.
@mcdonnnj
Install the go-critic command instead of gocritic
2024429 
The `go-critic` pre-commit hook from the TekWizely/pre-commit-golang
repo expects the binary to be called `go-critic` now. As a result, the
current tool installation in the `build.yml` workflow results in the
following error when pre-commit is run in GitHub Actions:
error: command not found: go-critic
@mcdonnnj
Remove the bandit configuration file
ad4cd80 
The file is not used to configure anything bandit does by default so we
can safely remove it and updated the pre-commit configuration. This is
also acceptable because the configuration file has been removed
downstream in cisagov/skeleton-python-library already.
@mcdonnnj
Use https:// instead of http:// in referenced URLs
175c410 
Change two reference URLs in the flake8 configuration to use `https://`
instead of `http://`.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Update a reference URL
a2e2621 
Change a reference URL in the flake8 configuration because
`pydocstyle.org` domain ownership appears to have lapsed. Instead point
to the source file in the archived GitHub repository.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Update ignore comment in the flake8 configuration
c85cbef 
Attribute the error codes we are ignoring to the correct source
package.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Add pre-commit hook to lock Terraform providers automatically
f094a60 
This extends our usage of the antonbabenko/pre-commit-terraform hook
collection. This new hook will automatically ensure that a Terraform
lock file includes hashes for all of our supported platforms.
@jsf9k @mcdonnnj
Ignore a vulnerability originating from pygments
ffe59bd 
We have to ignore this vulnerability for now since an update for
pygments has not yet been released.

In any event, this vulnerability is unlikely to cause us any problems
since we don't feed any regexes to pygments directly.

See also:
- cisagov/skeleton-generic#257
- https://nvd.nist.gov/vuln/detail/CVE-2026-4539
- pygments/pygments#3058

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Correct reference to ticket in TODO comment
a1cdc78
@jsf9k
Merge pull request #258 from cisagov/ignore-pygments-vuln
71bbac4 
Ignore a vulnerability originating from `pygments`
@jsf9k
Merge pull request #252 from cisagov/dependabot/github_actions/hashic…
2f729bb 
…orp/setup-terraform-4

Bump hashicorp/setup-terraform from 3 to 4
@jsf9k
Merge pull request #251 from cisagov/dependabot/github_actions/crazy-…
391e54b 
…max/ghaction-github-labeler-6

Bump crazy-max/ghaction-github-labeler from 5 to 6
@mcdonnnj
Update pre-commit hook versions
811785c 
This is done automatically with the pre-commit autoupdate command.
@mcdonnnj
Revert version bump of the ansible-lint pre-commit hook
df57f2a 
Newer versions of the hook require Python 3.14, but we are still using
Python 3.13 in our GitHub Actions configuration.
@mcdonnnj
Merge pull request #254 from cisagov/bug/adjust_gocritic_install
60c481a 
Install the `go-critic` command instead of `gocritic` in the `build.yml` workflow
@mcdonnnj
Merge pull request #255 from cisagov/improvement/update_flake8_config…
24bc1e0 
…uration

Add additional plugins to the `flake8` pre-commit configuration
@mcdonnnj
Merge pull request #256 from cisagov/improvement/add_pre-commit_hook_…
5103fb6 
…to_lock_terraform_providers

Add a pre-commit hook to lock Terraform providers automatically
@mcdonnnj
Merge pull request #259 from cisagov/maintenance/update_pre-commit_hooks
52df901 
Update `pre-commit` hook versions
@mcdonnnj
Merge pull request #253 from cisagov/improvement/remove_bandit_config…
72ac03a 
…uration_file

Remove the bandit configuration file
@jsf9k jsf9k moved this to In Progress in Next Kraken Mar 26, 2026
jsf9k added 4 commits March 26, 2026 09:07
@jsf9k
Merge remote-tracking branch 'skeleton/develop' into lineage/skeleton
529fe71
@jsf9k
Rename TIMEOUT to timeout
8dd3691 
This gets rid of an error from our flake8 pre-commit hook.
@jsf9k
Rename i to _i
e849833 
This gets rid of an error from our flake8 pre-commit hook.
@jsf9k
Break up an overly long string
fe8e753 
This gets rid of an error from our flake8 pre-commit hook.
@jsf9k jsf9k force-pushed the lineage/skeleton branch from ffb4636 to fe8e753 Compare March 26, 2026 13:15
@github-actions github-actions bot added the python Pull requests that update Python code label Mar 26, 2026
@jsf9k jsf9k marked this pull request as ready for review March 26, 2026 13:34
@jsf9k jsf9k requested review from dav3r, felddy and mcdonnnj as code owners March 26, 2026 13:34
Copilot AI review requested due to automatic review settings March 26, 2026 13:34
@jsf9k jsf9k moved this from In progress to Review in progress in Skeleton Maintenance Mar 26, 2026
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This Lineage PR syncs this repository with upstream cisagov/skeleton-generic, primarily updating CI/lint tooling and tightening a couple of tests for style consistency.

Changes:

  • Refresh pre-commit hook versions and extend linting via additional flake8 plugins; add a pip-audit CVE ignore and a Terraform providers lock hook.
  • Update GitHub Actions workflow dependencies (e.g., label sync action, setup-terraform action) and adjust the go-critic install path in CI.
  • Minor readability/style updates in container tests (variable naming and assertion formatting).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/container_test.py Minor test readability/style adjustments (timeout var, assertion formatting).
.pre-commit-config.yaml Hook version bumps; adds flake8 plugins, pip-audit ignore, and a Terraform lockfile hook.
.github/workflows/sync-labels.yml Updates label sync action version.
.github/workflows/build.yml Updates setup-terraform action major version and changes go-critic install path.
.flake8 Expands/clarifies selected flake8 rule sets and adjusts ignored codes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-project-automation github-project-automation bot moved this from Review in progress to Reviewer approved in Skeleton Maintenance Mar 26, 2026
@jsf9k jsf9k added this pull request to the merge queue Mar 26, 2026
Merged via the queue into develop with commit 51d33e8 Mar 26, 2026
31 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch March 26, 2026 14:03
@github-project-automation github-project-automation bot moved this from Reviewer approved to Done in Skeleton Maintenance Mar 26, 2026
@github-project-automation github-project-automation bot moved this from In Progress to Done in Next Kraken Mar 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code python Pull requests that update Python code test This issue or pull request adds or otherwise modifies test code upstream update This issue or pull request pulls in upstream updates

Projects

Next Kraken
Status: Done
Skeleton Maintenance
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@cisagovbot @jsf9k @dav3r @felddy @mcdonnnj