Merge pull request #289 from asfadmin/test

v1.0.0 Release

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# These owners will be requested for review when someone opens a pull request.
+*       @asfadmin/tools-admin

.github/workflows/changelog.yml

@@ -0,0 +1,19 @@
+name: Changelog updated?
+
+on:
+  pull_request:
+    types:
+      - opened
+      - labeled
+      - unlabeled
+      - synchronize
+    branches:
+      - prod
+      - test
+
+jobs:
+  call-changelog-check-workflow:
+    # Docs: https://github.com/ASFHyP3/actions
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    secrets:
+      USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy.yml

@@ -37,13 +37,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: aws-actions/configure-aws-credentials@v3
+      - uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.9
 

.github/workflows/labeled-pr.yml

@@ -0,0 +1,16 @@
+name: Is PR labeled?
+
+on:
+  pull_request:
+    types:
+      - opened
+      - labeled
+      - unlabeled
+      - synchronize
+    branches:
+      - prod
+
+jobs:
+  call-labeled-pr-check-workflow:
+    # Docs: https://github.com/ASFHyP3/actions
+    uses: ASFHyP3/actions/.github/workflows/[email protected]

.github/workflows/release-checklist-comment.yml

@@ -0,0 +1,17 @@
+name: Create Release Comment
+
+on:
+  pull_request:
+    types:
+      - opened
+    branches:
+      - prod
+
+jobs:
+  call-release-workflow:
+    # Docs: https://github.com/ASFHyP3/actions
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    permissions:
+      pull-requests: write
+    secrets:
+      USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,16 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  call-release-workflow:
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    with:
+      release_prefix: GRFN Distribution
+      release_branch: prod
+      develop_branch: test
+    secrets:
+      USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

.github/workflows/static-analysis.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.9
 

.github/workflows/tag-version.yml

@@ -0,0 +1,16 @@
+name: Tag New Version
+
+on:
+  push:
+    branches:
+      - prod
+
+jobs:
+  call-bump-version-workflow:
+    # Docs: https://github.com/ASFHyP3/actions
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    with:
+      user: tools-bot
+      email: [email protected]
+    secrets:
+      USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [PEP 440](https://www.python.org/dev/peps/pep-0440/)
+and uses [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0]
+### Added
+- Versioned releases are now published to GitHub and changes are tracked in CHANGELOG.md

door/src/door/lambda_handler.py

@@ -1,3 +1,7 @@
+import json
+import os
+
+import boto3
 import serverless_wsgi
 
 from door import app
@@ -6,5 +10,16 @@
 serverless_wsgi.TEXT_MIME_TYPES.append('application/problem+json')
 
 
+def get_secret(secret_name):
+    sm = boto3.client('secretsmanager', os.environ['AWS_REGION'])
+    response = sm.get_secret_value(SecretId=secret_name)
+    secret = json.loads(response['SecretString'])
+    return secret
+
+
+private_key = get_secret(os.environ['PRIVATE_KEY_SECRET_NAME'])['private_key']
+os.environ['CLOUDFRONT_PRIVATE_KEY'] = str(private_key)
+
+
 def handler(event, context):
     return serverless_wsgi.handle_request(app, event, context)

door/src/door/routes.py

@@ -1,4 +1,3 @@
-import json
 import os
 from datetime import datetime, timedelta, timezone
 from urllib.parse import quote_plus
@@ -25,12 +24,6 @@ def decode_token(token):
         return None
 
 
-@app.before_first_request
-def init_app():
-    private_key = get_secret(os.environ['PRIVATE_KEY_SECRET_NAME'])['private_key']
-    os.environ['CLOUDFRONT_PRIVATE_KEY'] = str(private_key)
-
-
 @app.before_request
 def authenticate_user():
     cookie = request.cookies.get(os.environ['JWT_COOKIE_NAME'])
@@ -71,10 +64,3 @@ def rsa_signer(message):
     cf_signer = CloudFrontSigner(os.environ['CLOUDFRONT_KEY_PAIR_ID'], rsa_signer)
     signed_url = cf_signer.generate_presigned_url(base_url, date_less_than=expiration_datetime)
     return signed_url
-
-
-def get_secret(secret_name):
-    sm = boto3.client('secretsmanager', os.environ['AWS_REGION'])
-    response = sm.get_secret_value(SecretId=secret_name)
-    secret = json.loads(response['SecretString'])
-    return secret

requirements-door-binary.txt

@@ -1 +1 @@
-cryptography==41.0.3
+cryptography==41.0.7

requirements-door.txt

@@ -1,6 +1,6 @@
-boto3==1.28.44
-Flask==2.2.5
+boto3==1.34.10
+Flask==3.0.0
 Flask-Cors==4.0.0
 rsa==4.9
-serverless_wsgi==3.0.2
+serverless_wsgi==3.0.3
 PyJWT==2.8.0