Lineage pull request for: skeleton#43
Merged
Merged
Conversation
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
The `pull_request` trigger's default activity types are `opened`, `reopened`, and `synchronized`. These types better represent when we want this workflow to run and the `edited` type was resulting in undesired workflow runs.
This is done automatically with the `pre-commit autoupdate` command.
The latest release supports the artifact-metadata permission that we are now using in the generate-sbom job of the build.yml GitHub Actions workflow in cisagov/skeleton-aws-lambda-python, cisagov/skeleton-docker, and cisagov/skeleton-python-library.
This will return the cache key to being a string with no new lines.
It is no longer necessary to install wheel alongside setuptools as of setuptools v70.1: https://github.com/pypa/wheel?tab=readme-ov-file#historical-note
This is done automatically with the pre-commit autoupdate command.
We rely on the default activity types for the pull_request event in our GitHub Actions workflows. This adds a comment mentioning that we do so and linking to the GitHub documentation for the event which details the specific activity types that are used by default. Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>
This is done automatically with the pre-commit autoupdate command.
Remove installation of `wheel` Python package
…s/cache-5 Bump actions/cache from 4 to 5
…ggers Adjust the activity types for the `pull_request` trigger in the `Label pull requests` workflow
…ting Adjust the `lint` job of the `build` workflow's cache key formatting
Update `pre-commit` hook versions
cisagovbot
requested review from
dav3r,
felddy,
jsf9k and
mcdonnnj
as code owners
cisagovbot
added
the
upstream update
github-actions
Bot
added
dependencies
Now that I have two pull requests out for changes relevant to our work it makes sense to use a branch that consolidates any changes we need.
The `go-critic` pre-commit hook from the TekWizely/pre-commit-golang repo expects the binary to be called `go-critic` now. As a result, the current tool installation in the `build.yml` workflow results in the following error when pre-commit is run in GitHub Actions: error: command not found: go-critic
The file is not used to configure anything bandit does by default so we can safely remove it and updated the pre-commit configuration. This is also acceptable because the configuration file has been removed downstream in cisagov/skeleton-python-library already.
Change two reference URLs in the flake8 configuration to use `https://` instead of `http://`. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Change a reference URL in the flake8 configuration because `pydocstyle.org` domain ownership appears to have lapsed. Instead point to the source file in the archived GitHub repository. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Attribute the error codes we are ignoring to the correct source package. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This extends our usage of the antonbabenko/pre-commit-terraform hook collection. This new hook will automatically ensure that a Terraform lock file includes hashes for all of our supported platforms.
We have to ignore this vulnerability for now since an update for pygments has not yet been released. In any event, this vulnerability is unlikely to cause us any problems since we don't feed any regexes to pygments directly. See also: - cisagov/skeleton-generic#257 - https://nvd.nist.gov/vuln/detail/CVE-2026-4539 - pygments/pygments#3058 Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
Ignore a vulnerability originating from `pygments`
…orp/setup-terraform-4 Bump hashicorp/setup-terraform from 3 to 4
…max/ghaction-github-labeler-6 Bump crazy-max/ghaction-github-labeler from 5 to 6
This is done automatically with the pre-commit autoupdate command.
Newer versions of the hook require Python 3.14, but we are still using Python 3.13 in our GitHub Actions configuration.
Install the `go-critic` command instead of `gocritic` in the `build.yml` workflow
…uration Add additional plugins to the `flake8` pre-commit configuration
…to_lock_terraform_providers Add a pre-commit hook to lock Terraform providers automatically
Update `pre-commit` hook versions
…uration_file Remove the bandit configuration file
github-actions
Bot
added
the
test
jsf9k
approved these changes
Mar 27, 2026
dav3r
approved these changes
Mar 30, 2026
github-project-automation
Bot
moved this from Reviewer approved
to Done
in Skeleton Maintenance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-generic.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with your project.
✅ Pre-approval checklist
Note
You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage