Skip to content

⚠️ CONFLICT! Lineage pull request for: skeleton #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 434 commits into
base: develop
Choose a base branch
from
Open

⚠️ CONFLICT! Lineage pull request for: skeleton #104

wants to merge 434 commits into from

Conversation

@cisagovbot
Copy link

@cisagovbot cisagovbot commented Dec 6, 2024
edited by jsf9k
Loading

Lineage Pull Request: CONFLICT

Achtung!!!

Lineage has created this pull request to incorporate new changes found in an
upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with
your project.

The lineage/skeleton branch has one or more unresolved merge conflicts
that you must resolve before merging this pull request!

How to resolve the conflicts

  1. Take ownership of this pull request by removing any other assignees.

  2. Clone the repository locally, and reapply the merge:

    git clone [email protected]:cisagov/pshtt_reporter.git pshtt_reporter
cd pshtt_reporter
git remote add skeleton https://github.com/cisagov/skeleton-docker.git
git remote set-url --push skeleton no_push
git switch develop
git switch --create lineage/skeleton --track origin/develop
git pull skeleton HEAD
git status

  3. Review the changes displayed by the status command. Fix any conflicts and
    possibly incorrect auto-merges.

  4. After resolving each of the conflicts, add your changes to the
    branch, commit, and push your changes:

    git add .github/CODEOWNERS .github/workflows/build.yml Dockerfile README.md docker-compose.yml requirements-dev.txt src/version.txt tests/container_test.py 
git commit
git push --force --set-upstream origin lineage/skeleton

    Note that you may append to the default merge commit message
    that git creates for you, but please do not delete the existing
    content    . It provides useful information about the merge that is
    being performed.

  5. Wait for all the automated tests to pass.

  6. Confirm each item in the "Pre-approval checklist" below.

  7. Remove any of the checklist items that do not apply.

  8. Ensure every remaining checkbox has been checked.

  9. Mark this draft pull request "Ready for review".

✅ Pre-approval checklist

  • ✌️ The conflicts in this pull request have been resolved.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Bump major, minor, patch, or pre-release version as appropriate via the bump_version.sh script if this repository is versioned and the changes in this PR warrant a version bump.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

Note

You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

mcdonnnj and others added 30 commits December 6, 2024 08:40
@mcdonnnj
Merge pull request #199 from cisagov/improvement/bump_artifact_action…
1f09791 
…s_from_v3_to_v4

Bump `actions/download-artifact` and `actions/upload-artifact` from v3 to v4
@mcdonnnj
Merge pull request #201 from cisagov/improvement/update_bump_version_…
ea0bf84 
…script

Replace the `bump_version.sh` script
@mcdonnnj
Merge pull request #196 from cisagov/lineage/skeleton
71198d3 
⚠️ CONFLICT! Lineage pull request for: skeleton
@mcdonnnj
Change the format of the version tracking file
03e668f 
There is no reason to have any information but the version in the
version tracking file for Docker image projects. The current format
is simply an artifact of mirroring things over from the
cisagov/skeleton-python-library project.
@mcdonnnj
DRY out getting the project version in tests
414efb4 
We were previously getting the version in three different tests. It
makes more sense to turn getting the project version into a fixture and
to use that fixture anywhere the project version is needed.
@mcdonnnj
Merge pull request #203 from cisagov/improvement/change_version_file_…
7d4071d 
…format

Change the format of the version tracking file
@mcdonnnj
Use the full identifier for source Docker images
b6b0b7c 
This helps ensure that when a Docker image is built the expacted source
image is used regardless of what repository is configured as the
default on the host system. It also makes our Dockerfiles more
seamlessly convertible to using the GitHub Container Registry or any
other Open Container Initiative (OCI) compatible registry.
@mcdonnnj
Install cisagov/skeleton-python-library directly
3b7a9cc 
Instead of downloading the source archive, extracting it, and then
installing it with pip we instead just let pip directly install the
package.
@mcdonnnj
Use a specific version of Alpine Linux
db19706 
Use the full tag that includes the Alpine Linux version to ensure the
pulled image is always the same.
@mcdonnnj
Remove unused OS package dependencies
9e6eef2 
Since we are now installing cisagov/skeleton-python-library directly
with pip we no longer need these OS packages.
@mcdonnnj
Merge pull request #187 from cisagov/improvement/use_full_image_source
f419d35 
Use the full path for source container images
@mcdonnnj
Remove package upgrading
c516e44 
We should not blindly upgrade all pre-installed packages. This can
create inconsistent build results due to changes in installed versions.
@mcdonnnj
Change the secret message being checks in tests
460eeec 
Now that we are not overwriting the internal Python package file the
text we look for must match what is output by default. The Docker
Compose secret configuration is left in place to continue to serve as
an example and to be leveraged for a future update to
cisagov/skeleton-python-library that can provide similar functionality
to what was removed in this project.
@mcdonnnj
Pin Python packages directly installed
001e85e 
Pin the versions of the pip, setuptools, and wheel packages that are
installed.
@mcdonnnj
Merge pull request #188 from cisagov/improvement/install_skeleton-pyt…
e708211 
…hon-library_directly

Install cisagov/skeleton-python-library directly with `pip`
@mcdonnnj
Prefer calling pip as a module
48fa1a5 
Instead of relying on `pip3` being on the PATH we instead call the
module through the Python executable. This ensures that the `pip` being
used is in the same environment as the `python3` being used.
@mcdonnnj
Move WORKDIR instruction
e6f5798 
We can move this instruction to the end of the Dockerfile now that we
are no longer working with files in the Docker container when building.
@mcdonnnj
Use a Python virtual environment in the Docker image
95d4a7a 
Using a virtual environment is a Python best practice. We also
consolidate all of the Python dependency installation steps into a
single RUN instruction. This ensures that Python setup is cached in one
layer and mirrors the logical organization of this being a single step.
@mcdonnnj
Merge pull request #189 from cisagov/improvement/make_builds_more_rep…
43bf47b 
…eatable

Pin Python package versions and improve build repeatability
@mcdonnnj
Add a pipenv configuration
79a4adf 
This configuration includes a Pipfile configuration file and the
generated Pipfile.lock file that pins to specific versions for the
Python dependencies for this project. This will help us ensure
repeatable builds. The pipenv package is added as a developmental
requirement to support these files.
@mcdonnnj @jsf9k
Explain ln options being used
d3895ef 
Since we cannot use long options on Alpine Linux we should explain what
the short options we are using do. I also changed the order of options
so that they are in alphabetical order.

Co-authored-by: Shane Frasier <[email protected]>
@mcdonnnj
Install Python dependencies using pipenv
6b869bb 
Now that we have a pipenv configuration we will use it to install the
Python dependencies for the image. The `build` workflow is updated to
no longer pass the VERSION build argument in line with this change.
@mcdonnnj
Merge pull request #190 from cisagov/improvement/use_Python_venv
30f6fa9 
Use a Python virtual environment
@mcdonnnj
Use a multi-stage Docker build
5cbb75b 
Switch to using a multi-stage build in the Dockerfile. This reduces
image size since pipenv and its dependencices are not needed in the
final image. It also ensures that the system Python environment is
unmodified.
@mcdonnnj
Install core Python packages into the system Python environment
5dca6d9 
Install the core Python packages (pip, setuptools, and wheel) into the
system Python environment before installing pipenv. This keeps things
consistent with our usual approach to Python environments.
@mcdonnnj @jsf9k
Fix outdated comment in the Dockerfile
79d8de9 
The comment references a command that is no longer being run.

Co-authored-by: Shane Frasier <[email protected]>
@mcdonnnj @dav3r
Fix typo in Dockerfile comment
440ba70 
Co-authored-by: dav3r <[email protected]>
@mcdonnnj
Update image tag information in the README
78f4f78 
Change the tags used in the table to match the version of the project.
Previously "1.2.3" was used as an example version but there is no
reason not to use the real version of the image.
@mcdonnnj
Add instructions for managing Python dependencies
1774267
@mcdonnnj
Merge pull request #191 from cisagov/improvement/pin_Python_configura…
704b76f 
…tion

Install Python dependencies with `pipenv`
jsf9k added 6 commits October 24, 2025 10:38
@jsf9k
Add whitespace changes to satisfy black pre-commit linter
2c9e442 
These changes get rid of some errors from our black pre-commit linter.
@jsf9k
Update Dockerfile to use pipenv
297043c
@jsf9k
Remove code to upgrade system packages
44dc773 
Such code is not conducive to repeatable builds.
@jsf9k
Remove code associated with installation dependencies
a4b4403 
This is unnecessary now that we use a multi-stage build.
@jsf9k
Correct comment
357f39c
@jsf9k
Copy Python wheel dependencies to compile stage
19af055
@jsf9k
Copy link
Member

jsf9k commented Oct 27, 2025

FYI, there is currently no fix for the pypdf2 vulnerability that the Dependency review checks turns up.

@jsf9k
Remove support for the s390x and arm/v6 hardware platforms
a50700e 
The GitHub runners run out of disk space when building for all these
platforms, so we comment out a few of the less common ones: arm/v6 and
s390x.
jsf9k added 2 commits October 27, 2025 15:23
@jsf9k
Add TODO comments for pruning the lists of system packages we install
eef4918 
This is further described in #105.
@jsf9k
Remove support for the 386, arm/v7, and ppc64le HW platforms
ba2561d 
It takes too bloody long to build wheels for these platforms, and we
are not currently using them.
@jsf9k jsf9k marked this pull request as ready for review October 28, 2025 12:32
@jsf9k jsf9k moved this from In progress to Review in progress in BOD 18-01 Oct 28, 2025
dav3r
dav3r approved these changes Oct 28, 2025
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 👍

@github-project-automation github-project-automation bot moved this from Review in progress to Reviewer approved in BOD 18-01 Oct 28, 2025
@jsf9k
Add TODO comments for pinning system packages
9d49814 
This facilitates reproducible builds.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code documentation This issue or pull request improves or adds to documentation github-actions Pull requests that update GitHub Actions code python Pull requests that update Python code test This issue or pull request adds or otherwise modifies test code upstream update This issue or pull request pulls in upstream updates version bump This issue or pull request increments the version number

Projects

BOD 18-01
Status: Reviewer approved
CyHy System
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cisagovbot @jsf9k @dav3r @mcdonnnj