Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

This is being done for testing purposes, and this commit can be
reverted (or removed) once cisagov/setup-env-github-action#65 is
merged.

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

The repo name we were using redirects to the correct place, but we may
as well cut out the middle man.

…orrect staticcheck package URL

Co-Authored By: @mcdonnnj <mcdonnj@users.noreply.github.com>

Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>

We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value.

Our standard practice for YAML files is to sort keys alphabetically.

Co-authored-by: David Harris <David.Harris@associates.cisa.dhs.gov>

The "stopped" parameter is no longer present now that we are using
python-on-whales.

Co-authored-by: dav3r <david.redmin@gwe.cisa.dhs.gov>

The token is optionally used for the build and prerelease actions to
override the default values used by the semver Python package.

Since the replacement and commit of version change information is
almost identical across the different logic flows it makes sense to DRY
out the code.

Only retrieve the existing version information if the input to the
bump_version.sh script isn't immediately invalid (if the script does
not get 1-2 arguments).

The team has come to the consensus that the `git push` should be at the
discretion of the user. This both prevents needless GitHub Actions runs
and ensures that the repository is updated when the user feels it is in
an appropriate state.

Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

…b-action"

This reverts commit ddbf6f7.

This can be done now that cisagov/setup-env-github-action#65 has been
merged.

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Add crazy-max/ghaction-github-labeler as a commented out dependency to
ignore in the dependabot configuration file. This should be enabled in
downstream projects to consolidate updating this Action to the
cisagov/skeleton-generic repository.

Add go packages for pre-commit

Use the correct repo name for the ansible-lint pre-commit hook

…nfiguration

Update the Dependabot configuration

Delete duplicate word "are"

Add nixfmt pre-commit hook

…s/checkout-4

Bump actions/checkout from 3 to 4

Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive

This is done automatically with the `pre-commit autoupdate` command.

This mirror was created to leverage performance optimizations from
mypyc wheels that are available if black is installed from PyPI. These
wheels are not available if black is installed from source as it would
be using the old URL. Please see psf/black#3828 and psf/black#3405 for
more information.

This action is added in a separate "diagnostics" job.  As configured
it will never fail, but it will print out the status of the various
GitHub components.  This information will sometimes be useful when
determining why builds fail after the fact.

Co-authored-by: Mark Feldhousen <mark.feldhousen@gwe.cisa.dhs.gov>
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

Even though the diagnostics job is not currently configured to fail
due to the GitHub status, it is still true that if the job is unable
to run that does not bode well for the lint job's successful
execution.

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

This can be useful when debugging why a GH Action failed.

Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>

This GH Action is being configured to run in audit mode.  It should
warn us if an Action is reaching out to an unexpected web address,
overwriting source code, etc.

Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>

This task can only provide coverage for the job that contains it.

We need a reminder add the step-security/harden-runner action at the
top of every job.

Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>

Update `pre-commit` hooks

Change the source repository for the `black` hook

Add a job that runs diagnostics

Enable the new dependabot ignore directives that were added in
cisagov/skeleton-generic.

We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.

Our standard practice for YAML files is to sort keys alphabetically.
This mirrors what was done to the configurations inherited from
cisagov/skeleton-generic.

This updates the remaining declarations to match what was pulled down
from cisagov/skeleton-generic.

Add the `diagnostics` job as a dependency for the other jobs. Reformat
the dependencies for those jobs to match the formatting of the `lint`
job. This aligns with what was pulled down from
cisagov/skeleton-generic.

Ensure that top-level keys except for `steps` are alphabetically sorted.

We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.

This aligns with what was done to the `lint` job of the build.yml
workflow that was inherited from cisagov/skeleton-generic.

We generally only use quotes when they are strictly necessary to ensure
data is interpreted as a string value. This mirrors what was done to
the configurations inherited from cisagov/skeleton-generic.

Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps python from 3.11.4-alpine to 3.12.0-alpine.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

It's good to agree everywhere with the changes we made to the
build.yml workflow in cisagov/skeleton-generic#144.

⚠️ CONFLICT! Lineage pull request for: skeleton

…alpine

Bump python from 3.11.4-alpine to 3.12.0-alpine

…for-codeql-workflow

Add a diagnostics job to the CodeQL workflow

Modify comment referencing "stopped" parameter

…_script

Enhance the functionality of the `bump_version.sh` script

…/login-action-3

Bump docker/login-action from 2 to 3

…/setup-buildx-action-3

Bump docker/setup-buildx-action from 2 to 3

…/setup-qemu-action-3

Bump docker/setup-qemu-action from 2 to 3

Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

There is currently a potential incompatibility with the default
behavior of the version of buildx being used. A default image generated
is built with provenance, which is something we would like to have, but
these default images can run on neither Google Cloud Run nor AWS
Lambda. Please see docker/buildx#1533 for mroe information. Since we
want to retain support for creating AWS Lambda images we add a
commented out disabling of this functionality that can be enabled in a
downstream repository if needed.

…keleton

…s/github-script-7

Bump actions/github-script from 6 to 7

…/build-push-action-5

Bump docker/build-push-action from 4 to 5