Update Dependabot ignore directives #101

Merged
merged 32 commits into from
Jun 13, 2022

mcdonnnj

⚠ Note

This pull request is built on top of #79. That must be merged before this can be merged. The differences from just this branch can more readily be viewed at lineage/skeleton...improvement/update_dependabot_ignores.

🗣 Description

This pull request adds all of the versioned GitHub Actions managed by this skeleton to the Dependabot configuration. It also adds a comment denoting that this repository owns those dependencies.

💭 Motivation and context

This mirrors the work in cisagov/skeleton-generic#112 to label dependency ownership as well as adding this project's managed dependencies to the list for downstream repositories.

🧪 Testing

Automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

mcdonnnj and others added 30 commits February 23, 2022 20:11
Update pre-commit hooks using `pre-commit autoupdate`.
This comment explains that the configuration may have commented out
ignore directives that should be uncommented in downstream projects.
yamllint does not like it when you comment out pieces of dictionaries
in lists. Upcoming additions to the Dependabot configuration will run
afoul of this so we are updating the yamllint configuration.
…_yamllint_configurations

Add boilerplate for upcoming Dependabot configuration changes
Given the inconsistent behavior of underscores used within words for
style we should prefer asterisks now that these rules are available.
…configuration

Use new `markdownlint` rules for emphasis- and strong-styles
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook
is intentionally held back due to issues with upgrading to v6.
This adds commented out ignore directives for the following GitHub
Actions:

- action/cache
- action/checkout
- action/setup-python

These should be uncommented downstream to ensure that updates to these
dependencies are pushed from pull requests made in the skeleton.
…s/setup-python-3

Bump actions/setup-python from 2 to 3
…s/checkout-3

Bump actions/checkout from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](actions/cache@v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…es_for_github_actions

Add Dependabot ignore directives
…s/cache-3

Bump actions/cache from 2 to 3
Use Python 3.10 for the `lint` job in GitHub Actions
Add hooks to validate GitHub Actions and GitHub Action workflows. These
are validated using JSON Schemas.
…re-commit_hooks

Add `pre-commit` hooks to validate GitHub Actions content
Uncomment the `github-actions` Dependabot ignore directives because
those dependencies are managed by cisagov/skeleton-generic upstream.
mcdonnnj added 2 commits May 30, 2022 01:40
We must ensure that all `workflow_dispatch` input defaults are string
values. This ensures expected behavior instead of relying on automatic
type conversions.
This includes adding the versioned GitHub Actions that should be
ignored in downstream projects and a comment stating where these
dependencies are managed.
@mcdonnnj mcdonnnj added the improvement and dependencies labels May 31, 2022
@mcdonnnj mcdonnnj requested a review from dav3r as a code owner May 31, 2022 22:58
@mcdonnnj mcdonnnj requested review from felddy and jsf9k as code owners May 31, 2022 22:58
@mcdonnnj mcdonnnj self-assigned this May 31, 2022
@jsf9k jsf9k left a comment

Excellent.

@dav3r dav3r left a comment

Fantastico!

@mcdonnnj mcdonnnj added the blocked label Jun 1, 2022
@mcdonnnj mcdonnnj merged commit 62da9e2 into develop Jun 13, 2022
@mcdonnnj mcdonnnj deleted the improvement/update_dependabot_ignores branch June 13, 2022 14:33
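
The ignore directives discussed in this pull request, sketched as a downstream `.github/dependabot.yml`. This is an added illustration, not the repository's actual file: the schedule, the comment wording and the commented-out `example-org/example-action` entry are assumptions, while the three action names are the ones Dependabot bumps in the commits above.

```yaml
---
# Illustrative Dependabot configuration (added example, not this
# repository's file).
version: 2

updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"  # assumed value
    ignore:
      # Managed by cisagov/skeleton-generic: updates to these Actions arrive
      # through pull requests merged from the upstream skeleton, so
      # Dependabot is told not to open its own update pull requests here.
      - dependency-name: actions/cache
      - dependency-name: actions/checkout
      - dependency-name: actions/setup-python
      # Managed by this skeleton (hypothetical entry). It stays commented
      # out in the repository that owns the dependency, so Dependabot still
      # updates it there, and is uncommented in downstream projects.
      # - dependency-name: example-org/example-action
```

With these entries active, a downstream repository receives new versions of the listed Actions only when it merges changes from the skeleton.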