From 4ee1bfd96b83aa1d8fda363d0a8e93db9acc395a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Feb 2022 18:02:16 +0000 Subject: [PATCH 1/9] Bump actions/setup-python from 2 to 3 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7be2ce8..f15dacc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,7 +21,7 @@ jobs: uses: cisagov/setup-env-github-action@develop - uses: actions/checkout@v2 - id: setup-python - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: python-version: 3.9 # We need the Go version and Go cache location for the actions/cache step, From 3406c2d4207140951e6442f797d699e0336da2e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Mar 2022 18:01:37 +0000 Subject: [PATCH 2/9] Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7be2ce8..a6e092e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,7 +19,7 @@ jobs: steps: - id: setup-env uses: cisagov/setup-env-github-action@develop - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - id: setup-python uses: actions/setup-python@v2 with: From 9a0380870ca93c2417956c1c959d9286588f4fec Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Mar 2022 16:19:18 -0400 Subject: [PATCH 3/9] Update pre-commit hooks Update pre-commit hooks using `pre-commit autoupdate`. The `ansible-lint` hook is intentionally held back due to issues with upgrading to v6. --- .pre-commit-config.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e6dc7b7..d991216 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,7 +37,7 @@ repos: args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.5.1 + rev: v2.6.1 hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint @@ -75,13 +75,13 @@ repos: # Python hooks - repo: https://github.com/PyCQA/bandit - rev: 1.7.2 + rev: 1.7.4 hooks: - id: bandit args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 22.1.0 + rev: 22.3.0 hooks: - id: black - repo: https://gitlab.com/pycqa/flake8 @@ -95,11 +95,11 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v0.931 + rev: v0.942 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v2.31.0 + rev: v2.31.1 hooks: - id: pyupgrade @@ -119,7 +119,7 @@ repos: # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.0.1 + rev: v2.1.0 hooks: - id: docker-compose-check From 511a37cf1ecc9283f7a6793322067aa712d1abc4 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Mar 2022 16:26:36 -0400 Subject: [PATCH 4/9] Add Dependabot ignore directives This adds commented out ignore directives for the following GitHub Actions: - action/cache - action/checkout - action/setup-python These should be uncommented downstream to ensure that updates to these dependencies are pushed from pull requests made in the skeleton. --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5792ed9..208659c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,6 +11,10 @@ updates: directory: "/" schedule: interval: "weekly" + # ignore: + # - dependency-name: actions/cache + # - dependency-name: actions/checkout + # - dependency-name: actions/setup-python - package-ecosystem: "pip" directory: "/" From 583992602c3815cd5c1b8338f12df83b1721883b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Mar 2022 16:29:30 -0400 Subject: [PATCH 5/9] Upgrade from Python 3.9 to 3.10 for the `lint` job in GHA --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7be2ce8..56de702 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,7 +23,7 @@ jobs: - id: setup-python uses: actions/setup-python@v2 with: - python-version: 3.9 + python-version: "3.10" # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - uses: actions/setup-go@v2 From e22c12cbd467cac3e43298c67380b244da936782 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Mar 2022 16:35:59 -0400 Subject: [PATCH 6/9] Use consistent quoting for software versions --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 56de702..917af8a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: # so the Go installation must happen before that. - uses: actions/setup-go@v2 with: - go-version: '1.16' + go-version: "1.16" - name: Store installed Go version id: go-version run: | From c576ef56fbe70907da23a464b29eb243a6d5361b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Apr 2022 16:22:39 +0000 Subject: [PATCH 7/9] Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 264d488..ef95f3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -38,7 +38,7 @@ jobs: id: go-cache run: | echo "::set-output name=dir::$(go env GOCACHE)" - - uses: actions/cache@v2 + - uses: actions/cache@v3 env: BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ py${{ steps.setup-python.outputs.python-version }}-\ From 49d87d40e4f2bb6bfbba595c6a643e58b3ceccf9 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 1 Apr 2022 16:46:16 -0400 Subject: [PATCH 8/9] Add pre-commit hooks to validate GitHub Actions content Add hooks to validate GitHub Actions and GitHub Action workflows. These are validated using JSON Schemas. --- .pre-commit-config.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d991216..c5c2e10 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -47,6 +47,13 @@ repos: args: - --strict + # GitHub Actions hooks + - repo: https://github.com/python-jsonschema/check-jsonschema + rev: 0.14.2 + hooks: + - id: check-github-actions + - id: check-github-workflows + # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit rev: v2.17.0 From 6d39743372c4dc5bbe4c90855fb6b52b945d3c50 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 8 Apr 2022 16:45:44 -0400 Subject: [PATCH 9/9] Enable Dependabot ignore directives This enables the Dependabot ignore directives for GitHub Actions. --- .github/dependabot.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 208659c..48e226b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,10 +11,10 @@ updates: directory: "/" schedule: interval: "weekly" - # ignore: - # - dependency-name: actions/cache - # - dependency-name: actions/checkout - # - dependency-name: actions/setup-python + ignore: + - dependency-name: actions/cache + - dependency-name: actions/checkout + - dependency-name: actions/setup-python - package-ecosystem: "pip" directory: "/"