-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Dependabot ignore directives #101
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update pre-commit hooks using `pre-commit autoupdate`.
This comment explains that the configuration may have commented out ignore directives that should be uncommented in downstream projects.
yamllint does not like it when you comment out pieces of dictionaries in lists. Upcoming additions to the Dependabot configuration will run afoul of this so we are updating the yamllint configuration.
…_yamllint_configurations Add boilerplate for upcoming Dependabot configuration changes
Update pre-commit hooks
Given the inconsistent behavior of underscores used within words for style we should prefer asterisks now that these rules are available.
…configuration Use new `markdownlint` rules for emphasis- and strong-styles
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook is intentionally held back due to issues with upgrading to v6.
This adds commented out ignore directives for the following GitHub Actions: - action/cache - action/checkout - action/setup-python These should be uncommented downstream to ensure that updates to these dependencies are pushed from pull requests made in the skeleton.
…s/setup-python-3 Bump actions/setup-python from 2 to 3
…s/checkout-3 Bump actions/checkout from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](actions/cache@v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…es_for_github_actions Add Dependabot ignore directives
…s/cache-3 Bump actions/cache from 2 to 3
Use Python 3.10 for the `lint` job in GitHub Actions
Update `pre-commit` hooks
Add hooks to validate GitHub Actions and GitHub Action workflows. These are validated using JSON Schemas.
…re-commit_hooks Add `pre-commit` hooks to validate GitHub Actions content
Uncomment the `github-actions` Dependabot ignore directives because those dependencies are managed by cisagov/skeleton-generic upstream.
We must ensure that all `workflow_dispatch` input defaults are string values. This ensures expected behavior instead of relying on automatic type conversions.
This includes adding the versioned GitHub Actions that should be ignored in downstream projects and a comment stating where these dependencies are managed.
mcdonnnj
added
improvement
This issue or pull request will add or improve functionality, maintainability, or ease of use
dependencies
Pull requests that update a dependency file
labels
May 31, 2022
jsf9k
approved these changes
Jun 1, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent.
dav3r
approved these changes
Jun 1, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fantastico!
mcdonnnj
added
the
blocked
This issue or pull request is awaiting the outcome of another issue or pull request
label
Jun 1, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
blocked
This issue or pull request is awaiting the outcome of another issue or pull request
dependencies
Pull requests that update a dependency file
improvement
This issue or pull request will add or improve functionality, maintainability, or ease of use
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
⚠ Note
This pull request is built on top of #79. That must be merged before this can be merged. The differences from just this branch can more readily be viewed at lineage/skeleton...improvement/update_dependabot_ignores.
🗣 Description
This pull request adds all of the versioned GitHub Actions managed by this skeleton to the Dependabot configuration. It also adds a comment denoting that this repository owns those dependencies.
💭 Motivation and context
This mirrors the work in cisagov/skeleton-generic#112 to label dependency ownership as well as adding this project's managed dependencies to the list for downstream repositories.
🧪 Testing
Automated tests pass.
✅ Pre-approval checklist