Add PR and Issue Templates and Release Pipeline

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+## Code changes will send a PR to the following users
+* @medley56
+* @bmcclellan-cu

.github/issue_template.md

@@ -0,0 +1,7 @@
+# Context
+
+*Broader context of the issue or proposed change*
+
+# Implementation Plan
+
+*Suggestions for how to approach implementing the fix/change*

.github/pull_request_template.md

@@ -0,0 +1,6 @@
+## Checklist
+- [ ] Changes are fully implemented without dangling issues or TODO items
+- [ ] Deprecated/superseded code is removed or marked with deprecation warning
+- [ ] Current dependencies have been properly specified and old dependencies removed
+- [ ] New code/functionality has accompanying tests and any old tests have been updated to match any new assumptions
+- [ ] The changelog.md has been updated

.github/workflows/release.yml

@@ -0,0 +1,178 @@
+name: Build and upload to PyPI and create GitHub release
+# https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number }}-${{ github.event.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+*'  # Push events for official release tags
+      - 'test-release/[0-9]+.[0-9]+.[0-9]+*'  # Push events for test release tags
+
+jobs:
+  build-dist-artifacts:
+    # This job uses vanilla Python tools rather than Poetry, so we don't have to use third party GitHub actions
+    # e.g. pip, build, twine
+    # If we even want to, we could switch to using something like actions/setup-poetry (but do a search for current
+    # best implementations)
+    name: Build distribution artifacts 📦
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Python 🐍
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install project dependencies
+        run: python -m pip install build twine
+
+      - name: Build wheel and source distribution
+        run: |
+          python -m build
+
+      - name: Check README rendering for PyPI
+        run: twine check dist/*
+
+      # Save ("upload") the distribution artifacts for use by downstream Actions jobs
+      - name: Upload distribution artifacts 📦
+        uses: actions/upload-artifact@v4  # This allows us to persist the dist directory after the job has completed
+        with:
+          name: python-package-distributions
+          path: dist/
+          if-no-files-found: error
+
+  # Job that pushes dist artifacts to public PyPI for official release tags
+  official-pypi-publish:
+    name: Upload official release to PyPI
+    # Prevent running on any PEP 440 suffixed tags or on test-release tags
+    if: startsWith(github.ref, 'refs/tags/test-release') == false
+    needs:
+      - build-dist-artifacts
+    runs-on: ubuntu-latest
+    environment:
+      name: official-pypi-publish-environment
+      url: https://pypi.org/p/lasp_opensearch_data_center  # Public PyPI
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
+
+    steps:
+      # This downloads the build artifacts from the build job
+      - name: Download all the dists 📦
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distribution artifacts 📦 to PyPI
+        uses: pypa/[email protected]
+
+  # Job that pushes dist artifacts to TestPyPI for test release tags
+  # This will fail if the version (according to package metadata) has already been pushed
+  test-pypi-publish:
+    name: Upload testing release to TestPyPI
+    # Only run on test-release tags
+    if: startsWith(github.ref, 'refs/tags/test-release')
+    needs:
+      - build-dist-artifacts
+    runs-on: ubuntu-latest
+    environment:
+      name: test-pypi-publish-environment
+      url: https://test.pypi.org/p/lasp_opensearch_data_center  # TestPyPI
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
+
+    steps:
+      # This downloads the build artifacts from the build job
+      - name: Download all the dists 📦
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distribution artifacts 📦 to TestPyPI
+        uses: pypa/[email protected]
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  # Job that publishes an official Release to GitHub after pushing to PyPI
+  # This only runs if we have pushed to public PyPI (not TestPyPI)
+  create-github-release:
+    name: Upload dist artifacts to GitHub Release
+    needs:
+      - official-pypi-publish
+    runs-on: ubuntu-latest
+    environment:
+      name: create-github-release-environment
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for sigstore
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+
+    steps:
+      - name: Download the artifacts 📦
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Sign the dists 📦 with Sigstore 🔑
+        uses: sigstore/[email protected]
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+
+      - name: Determine if the release is a prerelease
+        # Checks the regex form of the tag.
+        # Marks final releases only for tags matching the regex (no version suffixes)
+        # All other releases are marked as prereleases
+        run: |
+          if [[ "${{ github.ref_name }}" =~ '^.*[0-9]*\.[0-9]*\.[0-9]*$' ]]; then
+          echo "PRE_RELEASE_OPTION=''" >> $GITHUB_ENV  # Not a prerelease
+          else
+          echo "PRE_RELEASE_OPTION='--prerelease'" >> $GITHUB_ENV  # Is a prerelease
+          fi
+
+      - name: Get latest non-prerelease release
+        # This fetches the "latest" (non-prerelease) release ref,
+        # so we can generate release notes from that point instead of the most recent prerelease.
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          latest_release=$(gh release list --repo "${{ github.repository }}" --limit 100 --json tagName,isPrerelease --jq '.[] | select(.isPrerelease == false) | .tagName' | head -n 1)
+          if [ -z "$latest_release" ]; then
+            echo "No non-prerelease release found."
+            exit 1
+          fi
+          echo "LATEST_RELEASE_TAG=$latest_release" >> $GITHUB_ENV
+
+      - name: Create GitHub Release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        # Uses the GitHub CLI to generate the Release and auto-generate the release notes. Also generates
+        # the Release title based on the annotation on the git tag.
+        run: >-
+          RELEASE_NAME=$(basename "${{ github.ref_name }}")
+          gh release create
+          '${{ github.ref_name }}'
+          --repo '${{ github.repository }}'
+          --title "$RELEASE_NAME"
+          ${{ env.PRE_RELEASE_OPTION }}
+          --generate-notes
+          --notes-start-tag '${{ env.LATEST_RELEASE_TAG }}'
+
+      - name: Upload artifact 📦 signatures to GitHub Release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        # Upload to GitHub Release using the `gh` CLI.
+        # `dist/` contains the built packages, and the
+        # sigstore-produced signatures and certificates.
+        run: >-
+          gh release upload
+          '${{ github.ref_name }}' dist/**
+          --repo '${{ github.repository }}'

CITATION.cff

@@ -0,0 +1,24 @@
+cff-version: 1.2.0
+title: 'lasp_opensearch_data_center'
+type: software
+version: '1.0.0'
+description: An AWS CDK Construct library for creating an I&T data center using AWS OpenSearch.
+license: BSD-3-Clause
+abstract: The LASP OpenSearch Data Center library contains AWS CDK Constructs and assorted utilities for creating
+    an Integration and Test data center in the cloud. The Constructs defined in the library using the AWS CDK to
+    create storage resources, an OpenSearch cluster/domain, and orchestration resources for automatically
+    ingesting data into OpenSearch using Lambda functions defined by the end user.
+authors:
+- email: [email protected]
+  name: Gavin Medley
+  orcid: "0000-0002-3520-9715"
+- email: [email protected]
+  name: Brian McClellan
+  orcid: "0009-0002-8228-1485"
+- name: Luke Soderquist
+maintainers:
+- email: [email protected]
+  name: Gavin Medley
+  orcid: "0000-0002-3520-9715"
+repository-code: "https://github.com/lasp/lasp-opensearch-data-center"
+url: ""

README.md

@@ -1,77 +1,11 @@
 # LASP OpenSearch Data Center CDK Constructs
 
-A construct library for implementing an OpenSearch data center. This library contains the following constructs:
-* BackendStorageConstruct
-* BackupVault
-* Certificate
-* FrontendStorageConstruct
-* NetworkingComponents
-* Frontend
-* OpenSearch
-* CloudWatchAlarmConstruct
-* Ingest
-* DynamoQuery
-
-Example usage: 
-
-```
-domain_name = "example.com"
-self.frontendStorage = FrontendStorage(
-    self, domain_name, construct_id, environment, **kwargs
-)
-
-account_type = "dev"
-self.backendStorage = BackendStorage(
-    self,
-    construct_id,
-    dropbox_bucket_name=f"{account_type}-example-dropbox",
-    ingest_bucket_name=f"{account_type}-example-ingest",
-    opensearch_snapshot_bucket_name=f"{account_type}-example-opensearch-manual-snapshot",
-)
-
-frontend_bucket = self.frontendStorage.frontend_bucket
-self.frontend = FrontEndConstruct(
-    self,
-    construct_id=construct_id,
-    account_type=account_type,
-    domain_name=domain_name,
-    frontend_bucket=frontend_bucket,
-    waf_ip_range="1.1.1.0/24",  # Example IP range
-    environment=environment,
-)
-
-self.networking = NetworkingComponentsConstruct(self, construct_id)
-
-self.certificate = CertificateConstruct(
-    self, "CertificateConstruct", domain_name
-)
-
-# TODO: add example usage for constructs as they are completed
-```
-
-### Networking Construct
-L3 Construct containing a custom VPC with specific subnet configurations.
-
-### Back End Storage Construct
-L3 Construct containing the necessary storage infrastructure that supports the back end ingest pipeline and 
-Opensearch.
-
-### Ingest Construct
-Not yet implemented as a L3 Construct
+A construct library for implementing an OpenSearch data center.
 
 # Installation
 
 The package is available on PyPI:
 
 ```shell
 pip install lasp-opensearch-data-center
-```
-
-# Roadmap and Plans
-
-- Incorporate the last L3 construct for OpenSearch and data ingest
-- Add static code analysis and automated security testing (e.g. Bandit) using Github actions
-- Write user documentation for putting these lego blocks together, including example code for Stacks (e.g. an example CDK app)
-    - Will include detailed instructions on customizing ingest handler code
-- Clean up the docstrings and improve overall code polish
-- Write developer documentation for developing further
+```

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "lasp_opensearch_data_center"
-version = "1.0.0rc1"
+version = "1.0.0dev1"
 description = "Construct library for creating a CSV ingest pipeline into OpenSearch with a front end website."
 authors = [
     "Gavin Medley <[email protected]>",