Merge branch 'awslabs:develop' into develop

Author: am29d

.github/boring-cyborg.yml

@@ -1,10 +1,5 @@
 ##### Labeler ##########################################################################################################
 labelPRBasedOnFilePath:
-  area/utilities:
-    - aws_lambda_powertools/utilities/*
-    - aws_lambda_powertools/utilities/**/*
-    - aws_lambda_powertools/middleware_factory/*
-    - aws_lambda_powertools/middleware_factory/**/*
   area/logger:
     - aws_lambda_powertools/logging/*
     - aws_lambda_powertools/logging/**/*
@@ -42,6 +37,13 @@ labelPRBasedOnFilePath:
   area/feature_flags:
     - aws_lambda_powertools/feature_flags/*
     - aws_lambda_powertools/feature_flags/**/*
+  area/jmespath_util:
+    - aws_lambda_powertools/utilities/jmespath_utils/*
+  area/utilities:
+    - aws_lambda_powertools/utilities/*
+    - aws_lambda_powertools/utilities/**/*
+    - aws_lambda_powertools/middleware_factory/*
+    - aws_lambda_powertools/middleware_factory/**/*
 
   documentation:
     - docs/*

.github/mergify.yml

@@ -1,28 +1,29 @@
+queue_rules:
+  - name: default
+    conditions:
+      # Conditions to get out of the queue (= merged)
+      - check-success=Semantic Pull Request
+      - "#approved-reviews-by>=1"
+      - -title~=(WIP|wip)
+      - -label~="do-not-merge"
+      - "#changes-requested-reviews-by=0"
+
 pull_request_rules:
   - name: automatic merge for Dependabot pull requests
     conditions:
       - author~=^dependabot(|-preview)\[bot\]$
-#       - check-success=build  # matrix jobs aren't working in mergify
-      - -label~="do-not-merge"
-      - "#approved-reviews-by>=1"  # until we exclude major versions in dependabot
     actions:
-      merge:
-        strict: false
+      queue:
+        name: default
         method: squash
         commit_message: title+body
 
   - name: Automatic merge ⬇️ on approval ✔
     conditions:
       - base!=master
-      - "#approved-reviews-by>=1"
-      - "#changes-requested-reviews-by=0"
-      - -title~=(WIP|wip)
-#       - check-success=build  # matrix jobs aren't working in mergify
-      - check-success=Semantic Pull Request
-      - body~=(?m)^\[X\] Meet tenets criteria
+      - "#approved-reviews-by>=2"
     actions:
-      merge:
-        strict: smart
+      queue:
+        name: default
         method: squash
-        strict_method: merge
         commit_message: title+body

.github/workflows/codeql-analysis.yml

@@ -3,10 +3,6 @@ name: "CodeQL"
 on:
   push:
     branches: [develop]
-  pull_request:
-    branches: [develop]
-  schedule:
-    - cron: '0 21 * * 0'
 
 jobs:
   analyze:
@@ -24,7 +20,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/label_pr_on_title.yml

@@ -0,0 +1,87 @@
+name: Label PR based on title
+
+on:
+  workflow_run:
+    workflows: ["Record PR number"]
+    types:
+      - completed
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    # Guardrails to only ever run if PR recording workflow was indeed
+    # run in a PR event and ran successfully
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v6
+        # For security, we only download artifacts tied to the successful PR recording workflow
+        with:
+          script: |
+            const fs = require('fs');
+
+            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+
+            const matchArtifact = artifacts.data.artifacts.filter(artifact => artifact.name == "pr")[0];
+
+            const artifact = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+
+            fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(artifact.data));
+      # NodeJS standard library doesn't provide ZIP capabilities; use system `unzip` command instead
+      - run: unzip pr.zip
+
+      - name: 'Label PR based on title'
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # This safely runs in our base repo, not on fork
+          # thus allowing us to provide a write access token to label based on PR title
+          # and label PR based on semantic title accordingly
+          script: |
+            const fs = require('fs');
+            const pr_number = Number(fs.readFileSync('./number'));
+            const pr_title = fs.readFileSync('./title', 'utf-8').trim();
+
+            const FEAT_REGEX = /feat(\((.+)\))?(\:.+)/
+            const BUG_REGEX = /(fix|bug)(\((.+)\))?(\:.+)/
+            const DOCS_REGEX = /(docs|doc)(\((.+)\))?(\:.+)/
+            const CHORE_REGEX = /(chore)(\((.+)\))?(\:.+)/
+            const DEPRECATED_REGEX = /(deprecated)(\((.+)\))?(\:.+)/
+            const REFACTOR_REGEX = /(refactor)(\((.+)\))?(\:.+)/
+
+            const labels = {
+                "feature": FEAT_REGEX,
+                "bug": BUG_REGEX,
+                "documentation": DOCS_REGEX,
+                "internal": CHORE_REGEX,
+                "enhancement": REFACTOR_REGEX,
+                "deprecated": DEPRECATED_REGEX,
+            }
+
+            for (const label in labels) {
+                const matcher = new RegExp(labels[label])
+                const isMatch = matcher.exec(pr_title)
+                if (isMatch != null) {
+                    console.info(`Auto-labeling PR ${pr_number} with ${label}`)
+
+                    await github.rest.issues.addLabels({
+                      issue_number: pr_number,
+                      owner: context.repo.owner,
+                      repo: context.repo.repo,
+                      labels: [label]
+                    })
+
+                    break
+                }
+            }

.github/workflows/post_release.js

@@ -0,0 +1,112 @@
+const STAGED_LABEL = "status/staged-next-release";
+
+/**
+ * Fetch issues using GitHub REST API
+ *
+ * @param {object} gh_client - Pre-authenticated REST client (Octokit)
+ * @param {string} org - GitHub Organization
+ * @param {string} repository - GitHub repository
+ * @param {string} state - GitHub issue state (open, closed)
+ * @param {string} label - Comma-separated issue labels to fetch
+ * @return {Object[]} issues - Array of issues matching params
+ * @see {@link https://octokit.github.io/rest.js/v18#usage|Octokit client}
+ */
+const fetchIssues = async ({
+	gh_client,
+	org,
+	repository,
+	state = "open",
+	label = STAGED_LABEL,
+}) => {
+
+	try {
+		const { data: issues } = await gh_client.rest.issues.listForRepo({
+			owner: org,
+			repo: repository,
+			state: state,
+			labels: label,
+		});
+
+		return issues;
+
+	} catch (error) {
+		console.error(error);
+		throw new Error("Failed to fetch issues")
+	}
+
+};
+
+/**
+ * Notify new release and close staged GitHub issue
+ *
+ * @param {object} gh_client - Pre-authenticated REST client (Octokit)
+ * @param {string} owner - GitHub Organization
+ * @param {string} repository - GitHub repository
+ * @param {string} release_version - GitHub Release version
+ * @see {@link https://octokit.github.io/rest.js/v18#usage|Octokit client}
+ */
+const notifyRelease = async ({
+	gh_client,
+	owner,
+	repository,
+	release_version,
+}) => {
+	const release_url = `https://github.com/${owner}/${repository}/releases/tag/v${release_version}`;
+
+	const issues = await fetchIssues({
+		gh_client: gh_client,
+		org: owner,
+		repository: repository,
+	});
+
+	issues.forEach(async (issue) => {
+		console.info(`Updating issue number ${issue.number}`);
+
+		const comment = `This is now released under [${release_version}](${release_url}) version!`;
+		try {
+			await gh_client.rest.issues.createComment({
+				owner: owner,
+				repo: repository,
+				body: comment,
+				issue_number: issue.number,
+			});
+		} catch (error) {
+			console.error(error);
+			throw new Error(`Failed to update issue ${issue.number} about ${release_version} release`)
+		}
+
+
+		// Close issue and remove staged label; keep existing ones
+		const labels = issue.labels
+			.filter((label) => label.name != STAGED_LABEL)
+			.map((label) => label.name);
+
+		try {
+			await gh_client.rest.issues.update({
+				repo: repository,
+				owner: owner,
+				issue_number: issue.number,
+				state: "closed",
+				labels: labels,
+			});
+		} catch (error) {
+			console.error(error);
+			throw new Error("Failed to close issue")
+		}
+
+		console.info(`Issue number ${issue.number} closed and updated`);
+	});
+};
+
+// context: https://github.com/actions/toolkit/blob/main/packages/github/src/context.ts
+module.exports = async ({ github, context }) => {
+	const { RELEASE_TAG_VERSION } = process.env;
+	console.log(`Running post-release script for ${RELEASE_TAG_VERSION} version`);
+
+	await notifyRelease({
+		gh_client: github,
+		owner: context.repo.owner,
+		repository: context.repo.repo,
+		release_version: RELEASE_TAG_VERSION,
+	});
+};

.github/workflows/publish.yml

@@ -22,6 +22,7 @@ name: Publish to PyPi
 # 8. Builds a fresh version of docs including Changelog updates
 # 9. Push latest release source code to master using release title as the commit message
 # 10. Builds latest documentation for new release, and update latest alias pointing to the new release tag
+# 11. Close and notify all issues labeled "status/staged-next-release" about the release details
 
 #
 # === Fallback mechanism due to external failures ===
@@ -44,11 +45,11 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
     - name: Set up Python
-      uses: actions/setup-python@v2.3.1
+      uses: actions/setup-python@v3
       with:
         python-version: "3.8"
     - name: Set release notes tag
@@ -107,12 +108,18 @@ jobs:
         publish_dir: ./api
         keep_files: true
         destination_dir: latest/api
+    - name: Close issues related to this release
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const post_release = require('.github/workflows/post_release.js')
+          await post_release({github, context, core})
 
   sync_master:
     needs: release
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Sync master from detached head
       # If version matches CHANGELOG and pyproject.toml
       # If it passes all checks, successfully releases to test and prod

.github/workflows/python_build.yml

@@ -21,15 +21,17 @@ jobs:
       OS: ${{ matrix.os }}
       PYTHON: ${{ matrix.python-version }}
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2.3.1
+        uses: actions/setup-python@v3
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies
         run: make dev
       - name: Formatting and Linting
         run: make lint
+      - name: Static type checking
+        run: make mypy
       - name: Test with pytest
         run: make test
       - name: Security baseline

.github/workflows/python_docs.yml

@@ -13,11 +13,11 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@v2.3.1
+        uses: actions/setup-python@v3
         with:
           python-version: "3.8"
       - name: Install dependencies

.github/workflows/rebuild_latest_docs.yml

@@ -21,11 +21,11 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
     - name: Set up Python
-      uses: actions/setup-python@v2.3.1
+      uses: actions/setup-python@v3
       with:
         python-version: "3.8"
     - name: Set release notes tag