Dependabot was configured to use the project root instead of lib/pyjanus for pip updates in #9.

Per: https://github.com/googleapis/release-please/blob/main/docs/customizing.md#updating-arbitrary-files

Default updaters are applied depending on the file extension. If you want to force the Generic updater, you must use type "generic".

{
  "extra-files": [
    {
      "type": "generic",
      "path": "path/to/file.yml"
    }
  ]
}

This needs applied to the repo to fix the most recent workflow failures.

I believe this is due the use of a timestamp in the janus container to mock more proper testing.

This broke the v0.1.1 releases.

Besides being unnecessary to test, they break the tests due to race conditions in the GitHub Actions runner environment.

This is needed to support integrating release-please into the monorepo.

This was confirmed to be possible in #124

This shouldn't be too onerous based on this project's dev workflow and release cycle.

The current configuration is for 0.0.1.

This is needed for OpenSSF best practices.

It should be setup with Jekyll.

The (dev)container image ID is being used instead of the digest.

They are not providing enough value over only using NPM workspaces to justify in terms of upkeep/complexity. This is especially after adding release-trigger, a legacy codebase.

This will be needed once release-trigger is merged in (or otherwise the codebase grows substantially from here).

This continues the work started for #122.

The new devcontainer will need to be based on node 18.

Bulk creation of PRs from Renovate is the culprit.

The check need disabled and the re-enabled for these to all merge in.

https://github.com/marketplace/actions/ossf-scorecard-action

This will make them easier to maintain and keep consistent with the development environment.

It's named janusjs instead of pyjanus.

The action has moved and has a newer version available.

This will enable the GitHub security integration and make it easier to use this project as the foundation for a template repo in the future.

This is to make it easier to use this repo as a foundation for a template repo in the future.

This is breaking the release process.

It should output code coverage, among other things yet to be defined.

This is breaking the builds.

This will complement dependabot and is supported by some of the Google Probots.

Reference: https://github.com/googleapis/repo-automation-bots/tree/main/packages/release-trigger

With minimal effort, it should be possible to update this tool to support both Jenkins and GitHub Actions in addition to the current Kokoro tool.

More info: https://docs.docker.com/build/cache/backends/gha/

An example on how to do this is here: https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml

Current list:

• Codacy
• Conventional Commits
• Semantic Versioning
• OSSF Scorecard
• SLSA
• https://www.bestpractices.dev/

A docker release type was erroneously added to the release-please config in #9.

Latest Codespace prebuild log contained:

docker: Error response from daemon: unable to find user vscode: no matching entries in passwd file.

A devcontainer created for this repo supporting:

• Docker
• Devcontainers
• Shell Scripting
• Python
• TypeScript
• bash-completion (needed for the git completions)
• release-please
• super-linter

This will make it easier to maintain and more accessible for those looking to fork it for their own uses.

The underlying docker image should be built separate from the devcontainer and stored in GHCR. The devcontainer itself should also be stored there for caching.

Acceptance Criteria:

• Dockerfile moved to separate path from .devcontainer
• Dockerfile built as part of PRs when it has changed
• Dockerfile built and image pushed to GHCR upon release
• Devcontainer setup to use explicit version of released Dockerfile
• Devcontainer cached to GHCR for CI purposes
• Devcontainer can be used to develop itself (docker-in-docker)
• Devcontainer includes upstream Python & TypeScript Support
• bash-completion packaged added to Dockerfile
• Only trigger workflows when meaningful files are changed
• Testing of the container should occur in a different stage than final image
• Container builds cache to GHCR
• Core of workflows should be implemented in composite GitHub Actions
• Devcontainer includes needed JSON schemas
• Includes super-linter support as PR and within devcontainer

This occurs in the container action, but probably the devcontainer action too.

It should be created with Sphinx and published to either GitHub.io or ReadTheDocs.

This should be in a docs folder within the project root and also published to github.io or ReadTheDocs.

The project MUST provide reference documentation that describes the external interface (both input and output) of the software produced by the project.

The project SHOULD provide documentation in English and be able to accept bug reports and comments about code in English.

This will make it easier to use this project as the foundation for a template repo in the future.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

• WARN: Package lookup failures

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update dependency flake8 to v7.1.1
• chore(deps): update dependency jaraco-functools to v4.0.2
• chore(deps): update dependency keyrings-alt to v5.0.2
• chore(deps): update dependency nock to v13.5.5
• chore(deps): update dependency protobuf to v5.27.3
• chore(deps): update dependency pylint to v3.2.6
• chore(deps): update dependency smee-client to v2.0.3
• chore(deps): update dependency @types/node to v20.16.1
• chore(deps): update dependency awslambdaric to v2.2.1
• chore(deps): update dependency black to v24.8.0
• chore(deps): update dependency cffi to v1.17.0
• chore(deps): update dependency gcp-releasetool to v2.1.0
• chore(deps): update dependency google-api-python-client to v2.142.0
• chore(deps): update dependency google-auth to v2.34.0
• chore(deps): update dependency idna to v3.8
• chore(deps): update dependency importlib-metadata to v8.4.0
• chore(deps): update dependency keyring to v25.3.0
• chore(deps): update dependency mocha to v10.7.3
• chore(deps): update dependency more-itertools to v10.4.0
• chore(deps): update dependency pip to v24.2
• chore(deps): update dependency pyjwt to v2.9.0
• chore(deps): update dependency pytest to v8.3.2
• chore(deps): update dependency zipp to v3.20.0
• chore(deps): update ossf/scorecard-action action to v2.4.0
• chore(deps): update sigstore/cosign-installer action to v3.6.0
• chore(deps): update terraform spacelift to v1.15.0
• chore(deps): update dependency attrs to v24
• chore(deps): update dependency cryptography to v43
• chore(deps): update dependency jaraco-context to v6
• chore(deps): update super-linter/super-linter action to v7
• chore(deps): update typescript-eslint monorepo to v8 (major) (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update actions/upload-artifact digest to 834a144
• chore(deps): update dependency pyright to v1.1.377
• chore(deps): update dependency boto3 to v1.35.5
• chore(deps): update dependency cachetools to v5.5.0
• chore(deps): update dependency openai to v1.42.0
• chore(deps): update github/codeql-action action to v3.26.5
• chore(deps): update super-linter/super-linter action to v6.9.0
• chore(deps): update terraform aws to v5.64.0
• chore(deps): update dependency lru-cache to v11
• chore(deps): update docker/build-push-action action to v6
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update dependency eslint to ~8.57.0
• chore(deps): update dependency prettier to ~3.3.0
• chore(deps): update dependency typescript to ~5.5.0
• chore(deps): update typescript-eslint monorepo to ~6.21.0 (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• chore(deps): update dependency c8 to v10
• chore(deps): update dependency eslint to v9
• fix(deps): update dependency @octokit/core to v6

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

This will make it easier to use this project as the foundation for template repo in the future.

The Contributor Covenant should be joined by adding it to the project in a CODE_OF_CONDUCT file.

This will help to gate/secure the resources managed by Spacelift.

It was erroneously added.

This will make upgrading release-trigger easier.

The MIT license should be used for code and the Create Commons Attribution 4.0 Internal license should be used for creative works.

This is to make it easier to use this project as a foundation for a template repo in the future.

Actions linting was disabled in #9 due to the introduction of the attestations permission. This isn't supported on actionlint prior to 1.7. Super-Linter has merged in the actionlint 1.7 upgrade, but it is unreleased at the time of this writing. The 6.6.0 release will include it.

Once 6.6.0 is release, super-linter can be updated and the actions linting re-enabled.

release-please had trouble with the changelogs that were predefined. The original contents are at the bottom instead of the top.

This should be in the form of SETUP.md and USAGE.md files in the root of the repo.

It should be created programmatically and published to either GitHub.io or ReadTheDocs.

Spacelift should be integrated with this repo, along with Infracost.

Documentation to the desired features:

• https://docs.spacelift.io/vendors/terraform/terraform-provider#proposed-workflow
• https://docs.spacelift.io/vendors/terraform/infracost
• https://docs.spacelift.io/vendors/terraform/state-management
• https://docs.spacelift.io/vendors/terraform/module-registry
• https://docs.spacelift.io/concepts/stack/
• https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs

This will reduce the number of actions runs and PR merge latency.