⚠️ CONFLICT! Lineage pull request for: skeleton#207

Draft
cisagovbot wants to merge 46 commits into develop from lineage/skeleton
Conversation

@cisagovbot

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-packer.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

The lineage/skeleton branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone git@github.com:cisagov/kali-packer.git kali-packer
    cd kali-packer
    git remote add skeleton https://github.com/cisagov/skeleton-packer.git
    git remote set-url --push skeleton no_push
    git switch develop
    git switch --create lineage/skeleton --track origin/develop
    git pull skeleton HEAD
    git status

  3. Review the changes displayed by the status command. Fix any conflicts and possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the branch, commit, and push your changes:

    git add version.txt
    git commit
    git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about any of these, don't hesitate to ask. We're here to help!

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.
  • Bump major, minor, patch, pre-release, and/or build versions as appropriate via the bump_version script if this repository is versioned and the changes in this PR warrant a version bump.
  • Create a pre-release (necessary if and only if the pre-release version was bumped).

✅ Pre-merge checklist

Remove any of the following that do not apply. These boxes should remain unchecked until the pull request has been approved.

  • Finalize version.

✅ Post-merge checklist

Remove any of the following that do not apply.

  • Create a release (necessary if and only if the version was bumped).

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot Bot and others added 30 commits March 2, 2026 20:23
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v3...v4)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

This warning contradicts the Black style so it must be ignored.

Make the ignore commenting consistent with the select commenting. Break
up each comment/directive with an empty line.

This adds the flake8-bugbear plugin to our pre-commit configuration.
Note that flake8 is already configured to use this plugin's warnings.

Add the dlint plugin to our flake8 configuration for pre-commit. Update
the flake8 configuration to select these new warnings.

Add the flake8-noqa plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.

Add the pep8-naming plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.

Add the flake8-comprehensions plugin to the flake8 portion of our
pre-commit configuration. Update the flake8 configuration to select
these new warnings.

When explaining the items selected or ignored in the configuration we
now preface each line with the prefix/code it pertains to in the
configuration. Also break apart the pycodestyle prefixes into their own
lines.

The `go-critic` pre-commit hook from the TekWizely/pre-commit-golang
repo expects the binary to be called `go-critic` now. As a result, the
current tool installation in the `build.yml` workflow results in the
following error when pre-commit is run in GitHub Actions:

    error: command not found: go-critic

The file is not used to configure anything bandit does by default so we
can safely remove it and update the pre-commit configuration. This is
also acceptable because the configuration file has been removed
downstream in cisagov/skeleton-python-library already.

Mention the specific role that makes use of
community.general.json_query to make it easier for the user to
determine whether the jmespath Python dependency is necessary.

Correct grammar

Change two reference URLs in the flake8 configuration to use `https://`
instead of `http://`.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Change a reference URL in the flake8 configuration because
`pydocstyle.org` domain ownership appears to have lapsed. Instead point
to the source file in the archived GitHub repository.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Attribute the error codes we are ignoring to the correct source
package.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

This extends our usage of the antonbabenko/pre-commit-terraform hook
collection. This new hook will automatically ensure that a Terraform
lock file includes hashes for all of our supported platforms.

It is not necessary to use `--force-with-deps` when running in GitHub
Actions (i.e. in the CLI code) because there we are starting from a
known, pristine state.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

We have to ignore this vulnerability for now since an update for
pygments has not yet been released.

In any event, this vulnerability is unlikely to cause us any problems
since we don't feed any regexes to pygments directly.

See also:
- cisagov/skeleton-generic#257
- https://nvd.nist.gov/vuln/detail/CVE-2026-4539
- pygments/pygments#3058

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>

Ignore a vulnerability originating from `pygments`

…orp/setup-terraform-4

Bump hashicorp/setup-terraform from 3 to 4

…max/ghaction-github-labeler-6

Bump crazy-max/ghaction-github-labeler from 5 to 6

This is done automatically with the pre-commit autoupdate command.

Newer versions of the hook require Python 3.14, but we are still using
Python 3.13 in our GitHub Actions configuration.

Install the `go-critic` command instead of `gocritic` in the `build.yml` workflow

…uration

Add additional plugins to the `flake8` pre-commit configuration

…to_lock_terraform_providers

Add a pre-commit hook to lock Terraform providers automatically

mcdonnnj and others added 16 commits March 25, 2026 15:40

…uration_file

Remove the bandit configuration file

…cheme

The legacy account names are finally going away, so we can now use a more specific regex to match account names.

Bumps the aws-provider group with 1 update in the /terraform-build-user directory: [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws).
Bumps the aws-provider group with 1 update in the /terraform-post-packer directory: [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws).


Updates `hashicorp/aws` from 6.35.1 to 6.47.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.35.1...v6.47.0)

Updates `hashicorp/aws` from 6.35.1 to 6.47.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.35.1...v6.47.0)

Updates `hashicorp/aws` from 6.35.1 to 6.47.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.35.1...v6.47.0)

Updates `hashicorp/aws` from 6.35.1 to 6.47.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.35.1...v6.47.0)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-provider
- dependency-name: hashicorp/aws
  dependency-version: 6.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-provider
- dependency-name: hashicorp/aws
  dependency-version: 6.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-provider
- dependency-name: hashicorp/aws
  dependency-version: 6.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-provider
...

Signed-off-by: dependabot[bot] <support@github.com>

…ce-with-deps

Explain why we use `--force-with-deps` when running Packer manually

…uild-user/aws-provider-e176355a5d

Bump the aws-provider group across 2 directories with 1 update

Update default value of `ami_share_account_name_regex` to match current assessment account naming scheme

⚠️ CONFLICT! Lineage pull request for: skeleton

@cisagovbot added the upstream update label Jun 3, 2026

@github-actions added the documentation, version bump, dependencies, terraform, github-actions, and test labels Jun 3, 2026
4 participants