aws-powertools
diff --git a/‎.github/scripts/comment_on_large_pr.js
+73 b/‎.github/scripts/comment_on_large_pr.js
+73
diff --git a/‎.github/workflows/build_changelog.yml
+9 b/‎.github/workflows/build_changelog.yml
+9
diff --git a/‎.github/workflows/codeql-analysis.yml
+15-15 b/‎.github/workflows/codeql-analysis.yml
+15-15
diff --git a/‎.github/workflows/on_label_added.yml
+38 b/‎.github/workflows/on_label_added.yml
+38
diff --git a/‎.github/workflows/on_opened_pr.yml
-2 b/‎.github/workflows/on_opened_pr.yml
-2
diff --git a/‎.github/workflows/on_push_docs.yml
+35 b/‎.github/workflows/on_push_docs.yml
+35
diff --git a/‎.github/workflows/on_release_notes.yml
+142 b/‎.github/workflows/on_release_notes.yml
+142
diff --git a/‎.github/workflows/python_build.yml
+3-4 b/‎.github/workflows/python_build.yml
+3-4
@@ -0,0 +1,73 @@
+const {
+  PR_NUMBER,
+  PR_ACTION,
+  PR_AUTHOR,
+  IGNORE_AUTHORS,
+} = require("./constants")
+
+
+/**
+ * Notify PR author to split XXL PR in smaller chunks
+ *
+ * @param {object} core - core functions instance from @actions/core
+ * @param {object} gh_client - Pre-authenticated REST client (Octokit)
+ * @param {string} owner - GitHub Organization
+ * @param {string} repository - GitHub repository
+ */
+const notifyAuthor = async ({
+  core,
+  gh_client,
+  owner,
+  repository,
+}) => {
+    core.info(`Commenting on PR ${PR_NUMBER}`)
+
+    let msg = `### ⚠️Large PR detected⚠️
+
+Please consider breaking into smaller PRs to avoid significant review delays. Ignore if this PR has naturally grown to this size after reviews.
+    `;
+
+    try {
+      await gh_client.rest.issues.createComment({
+        owner: owner,
+        repo: repository,
+        body: msg,
+        issue_number: PR_NUMBER,
+      });
+    } catch (error) {
+      core.setFailed("Failed to notify PR author to split large PR");
+      console.error(err);
+    }
+}
+
+module.exports = async ({github, context, core}) => {
+    if (IGNORE_AUTHORS.includes(PR_AUTHOR)) {
+      return core.notice("Author in IGNORE_AUTHORS list; skipping...")
+    }
+
+    if (PR_ACTION != "labeled") {
+      return core.notice("Only run on PRs labeling actions; skipping")
+    }
+
+
+    /** @type {string[]} */
+    const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+      owner: context.repo.owner,
+      repo: context.repo.repo,
+      issue_number: PR_NUMBER,
+    })
+
+    // Schema: https://docs.github.com/en/rest/issues/labels#list-labels-for-an-issue
+    for (const label of labels) {
+      core.info(`Label: ${label}`)
+      if (label.name == "size/XXL") {
+        await notifyAuthor({
+          core: core,
+          gh_client: github,
+          owner: context.repo.owner,
+          repository: context.repo.repo,
+        })
+        break;
+      }
+    }
+}
@@ -0,0 +1,9 @@
+# Standalone workflow to update changelog if necessary
+name: Build changelog
+
+on:
+  workflow_dispatch:
+
+jobs:
+  changelog:
+    uses: ./.github/workflows/reusable_publish_changelog.yml
@@ -2,7 +2,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [develop]
+    branches: [develop, v2]
 
 jobs:
   analyze:
@@ -14,23 +14,23 @@ jobs:
       matrix:
         # Override automatic language detection by changing the below list
         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['python']
+        language: ["python"]
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
@@ -0,0 +1,38 @@
+name: On Label added
+
+on:
+  workflow_run:
+    workflows: ["Record PR details"]
+    types:
+      - completed
+
+jobs:
+  get_pr_details:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: ./.github/workflows/reusable_export_pr_details.yml
+    with:
+      record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
+
+  split-large-pr:
+    needs: get_pr_details
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v3
+      # Maintenance: Persist state per PR as an artifact to avoid spam on label add
+      - name: "Suggest split large Pull Request"
+        uses: actions/github-script@v6
+        env:
+          PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}
+          PR_ACTION: ${{ needs.get_pr_details.outputs.prAction }}
+          PR_AUTHOR: ${{ needs.get_pr_details.outputs.prAuthor }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const script = require('.github/scripts/comment_on_large_pr.js');
+            await script({github, context, core});
@@ -20,8 +20,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: "Debug workflow_run event"
-        run: echo "${{ github }}"
       - name: "Ensure related issue is present"
         uses: actions/github-script@v6
         env:
 
@@ -0,0 +1,35 @@
+name: Docs
+
+on:
+  push:
+    branches:
+      - develop
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+      - "examples/**"
+
+jobs:
+  changelog:
+    permissions:
+      contents: write
+    uses: ./.github/workflows/reusable_publish_changelog.yml
+
+  release-docs:
+    needs: changelog
+    permissions:
+      contents: write
+      pages: write
+    uses: ./.github/workflows/reusable_publish_docs.yml
+    with:
+      version: develop
+      alias: stage
+# Maintenance: Only necessary in repo migration
+# - name: Create redirect from old docs
+#   run: |
+#     git checkout gh-pages
+#     test -f 404.html && echo "Redirect already set" && exit 0
+#     git checkout develop -- 404.html
+#     git add 404.html
+#     git commit -m "chore: set docs redirect" --no-verify
+#     git push origin gh-pages -f
@@ -0,0 +1,142 @@
+name: Publish to PyPi
+
+# RELEASE PROCESS
+#
+# === Manual activities ===
+#
+# 1. Edit the current draft release notes
+# 2. If not already set, use `v<new version>` as a tag, e.g., v1.26.4, and select develop as target branch
+#
+# === Automated activities ===
+#
+# 1. Extract release notes tag that was published
+# 2. Run tests, linting, security and complexity base line
+# 3. Bump package version and generate latest Changelog
+# 4. Publish package to PyPi test and prod repository
+# 5. Kick off SAR App pipeline to publish latest version with minimal and extra dependencies
+# 6. Builds and publish latest changelog from tip of the branch
+# 7. Builds a new user guide and API docs with release version; update /latest pointing to newly released version
+# 8. Close all issues labeled "pending-release" and notify customers about the release
+
+# See MAINTAINERS.md "Releasing a new version" for release mechanisms
+
+env:
+  BRANCH: develop
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version_to_publish:
+        description: "Version to be released in PyPi, Docs, and Lambda Layer, e.g. v1.26.4"
+        default: v1.26.4
+        required: true
+      skip_pypi:
+        description: "Skip publishing to PyPi as it can't publish more than once. Useful for semi-failed releases"
+        default: false
+        type: boolean
+        required: false
+      skip_code_quality:
+        description: "Skip tests, linting, and baseline. Only use if release fail for reasons beyond our control and you need a quick release."
+        default: false
+        type: boolean
+        required: false
+
+jobs:
+  release:
+    environment: release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    outputs:
+      RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }}
+    env:
+      RELEASE_TAG_VERSION: ${{ github.event.release.tag_name || inputs.version_to_publish }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Install poetry
+        run: pipx install poetry
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.8"
+          cache: "poetry"
+      - name: Set release notes tag
+        id: release_version
+        # transform tag format `v<version` to `<version`
+        run: |
+          RELEASE_VERSION="${RELEASE_TAG_VERSION:1}"
+          echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_ENV"
+          echo "::set-output name=RELEASE_VERSION::${RELEASE_VERSION}"
+      - name: Install dependencies
+        run: make dev
+      - name: Run all tests, linting and baselines
+        if: ${{ !inputs.skip_code_quality }}
+        run: make pr
+      - name: Bump package version
+        run: poetry version "${RELEASE_VERSION}"
+      - name: Build python package and wheel
+        if: ${{ !inputs.skip_pypi }}
+        run: poetry build
+      - name: Upload to PyPi test
+        if: ${{ !inputs.skip_pypi }}
+        run: make release-test
+        env:
+          PYPI_USERNAME: __token__
+          PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_TOKEN }}
+      - name: Upload to PyPi prod
+        if: ${{ !inputs.skip_pypi }}
+        run: make release-prod
+        env:
+          PYPI_USERNAME: __token__
+          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+      - name: aws credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: eu-west-1
+          role-to-assume: ${{ secrets.AWS_SAR_ROLE_ARN }}
+      - name: publish lambda layer in SAR by triggering the internal codepipeline
+        run: |
+          aws ssm put-parameter --name "powertools-python-release-version" --value "$RELEASE_VERSION" --overwrite
+          aws codepipeline start-pipeline-execution --name ${{ secrets.AWS_SAR_PIPELINE_NAME }}
+
+  changelog:
+    needs: release
+    permissions:
+      contents: write
+    uses: ./.github/workflows/reusable_publish_changelog.yml
+
+  docs:
+    needs: [release, changelog]
+    permissions:
+      contents: write
+      pages: write
+    uses: ./.github/workflows/reusable_publish_docs.yml
+    with:
+      version: ${{ needs.release.outputs.RELEASE_VERSION }}
+      alias: latest
+      detached_mode: true
+
+  post_release:
+    needs: release
+    permissions:
+      contents: read
+      issues: write
+      discussions: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_VERSION: ${{ needs.release.outputs.RELEASE_VERSION }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Close issues related to this release
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const post_release = require('.github/scripts/post_release.js')
+            await post_release({github, context, core})
@@ -10,6 +10,7 @@ on:
       - "mypy.ini"
     branches:
       - develop
+      - v2
   push:
     paths:
       - "aws_lambda_powertools/**"
@@ -19,6 +20,7 @@ on:
       - "mypy.ini"
     branches:
       - develop
+      - v2
 
 jobs:
   build:
@@ -28,7 +30,6 @@ jobs:
       matrix:
         python-version: [3.7, 3.8, 3.9]
     env:
-      OS: ${{ matrix.os }}
       PYTHON: ${{ matrix.python-version }}
     steps:
       - uses: actions/checkout@v3
@@ -55,7 +56,5 @@ jobs:
         uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 3.1.0
         with:
           file: ./coverage.xml
-          # flags: unittests
-          env_vars: OS,PYTHON
+          env_vars: PYTHON
           name: aws-lambda-powertools-python-codecov
-          # fail_ci_if_error: true  # failing more consistently making CI unreliable despite all tests above passing