diff --git a/.github/workflows/build_changelog.yml b/.github/workflows/build_changelog.yml index b14c38c39a5..ffa6163ca03 100644 --- a/.github/workflows/build_changelog.yml +++ b/.github/workflows/build_changelog.yml @@ -17,8 +17,8 @@ on: # branches: # - develop schedule: - # Note: run daily at 7am UTC time until upstream git-chlog uses stable sorting - - cron: "0 7 * * *" + # Note: run daily at 10am UTC time until upstream git-chlog uses stable sorting + - cron: "0 10 * * *" permissions: contents: read diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml new file mode 100644 index 00000000000..6d4064e4b8e --- /dev/null +++ b/.github/workflows/pre-release.yml @@ -0,0 +1,278 @@ +name: Pre-Release + +# PRE-RELEASE PROCESS +# +# === Automated activities === +# +# 1. [Seal] Bump to release version and export source code with integrity hash +# 2. [Quality check] Restore sealed source code, run tests, linting, security and complexity base line +# 3. [Build] Restore sealed source code, create and export hashed build artifact for PyPi release (wheel, tarball) +# 4. [Provenance] Generates provenance for build, signs attestation with GitHub OIDC claims to confirm it came from this release pipeline, commit, org, repo, branch, hash, etc. +# 5. [Release] Restore built artifact, and publish package to PyPi prod repository +# 6. [PR to bump version] Restore sealed source code, and create a PR to update trunk with latest released project metadata + +# NOTE +# +# See MAINTAINERS.md "Releasing a new version" for release mechanisms +# +# Every job is isolated and starts a new fresh container. + +env: + RELEASE_COMMIT: ${{ github.sha }} + +on: + workflow_dispatch: + inputs: + skip_code_quality: + description: "Skip tests, linting, and baseline. Only use if release fail for reasons beyond our control and you need a quick release." + default: false + type: boolean + required: false + skip_pypi: + description: "Skip publishing to PyPi. Used for testing release steps." + default: false + type: boolean + required: false + schedule: + # Note: run daily at 8am UTC time + - cron: "0 8 * * *" + +permissions: + contents: read + +jobs: + + # This job bumps the package version to the pre-release version + # creates an integrity hash from the source code + # uploads the artifact with the integrity hash as the key name + # so subsequent jobs can restore from a trusted point in time to prevent tampering + seal: + # ignore forks + # if: github.repository == 'aws-powertools/powertools-lambda-python' + + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + integrity_hash: ${{ steps.seal_source_code.outputs.integrity_hash }} + artifact_name: ${{ steps.seal_source_code.outputs.artifact_name }} + RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }} + steps: + # NOTE: Different from prod release, we need both poetry and source code available in earlier steps to bump and verify. + + # We use a pinned version of Poetry to be certain it won't modify source code before we create a hash + - name: Install poetry + run: | + pipx install git+https://github.com/python-poetry/poetry@68b88e5390720a3dd84f02940ec5200bfce39ac6 # v1.5.0 + pipx inject poetry git+https://github.com/monim67/poetry-bumpversion@315fe3324a699fa12ec20e202eb7375d4327d1c4 # v0.3.1 + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env.RELEASE_COMMIT }} + + - name: Export release version + id: release_version + run: | + RELEASE_VERSION="$(poetry version prerelease --short | head -n1 | tr -d '\n')" + + echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT" + + - name: Verifies pre-release version semantics + # verify pre-release semantics before proceeding to avoid versioning pollution + # e.g., 2.40.0a1 and 2.40.0b2 are valid while 2.40.0 is not + run: | + if [[ ! "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+[a-b].*$ ]]; then + echo "Version $VERSION doesn't look like a pre-release version; aborting" + exit 1 + fi + env: + RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION}} + + - name: Bump package version + id: versioning + run: poetry version "${RELEASE_VERSION}" + env: + RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION}} + + - name: Seal and upload + id: seal_source_code + uses: ./.github/actions/seal + with: + artifact_name_prefix: "source" + + # This job runs our automated test suite, complexity and security baselines + # it ensures previously merged have been tested as part of the pull request process + # + # NOTE + # + # we don't upload the artifact after testing to prevent any tampering of our source code dependencies + quality_check: + needs: seal + runs-on: ubuntu-latest + permissions: + contents: read + steps: + # NOTE: we need actions/checkout to configure git first (pre-commit hooks in make dev) + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env.RELEASE_COMMIT }} + + - name: Restore sealed source code + uses: ./.github/actions/seal-restore + with: + integrity_hash: ${{ needs.seal.outputs.integrity_hash }} + artifact_name: ${{ needs.seal.outputs.artifact_name }} + + - name: Debug cache restore + run: cat pyproject.toml + + - name: Install poetry + run: pipx install git+https://github.com/python-poetry/poetry@68b88e5390720a3dd84f02940ec5200bfce39ac6 # v1.5.0 + - name: Set up Python + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: "3.12" + cache: "poetry" + - name: Install dependencies + run: make dev + - name: Run all tests, linting and baselines + run: make pr + + # This job creates a release artifact (tar.gz, wheel) + # it checks out code from release commit for custom actions to work + # then restores the sealed source code (overwrites any potential tampering) + # it's done separately from release job to enforce least privilege. + # We export just the final build artifact for release + build: + runs-on: ubuntu-latest + needs: [quality_check, seal] + permissions: + contents: read + outputs: + integrity_hash: ${{ steps.seal_build.outputs.integrity_hash }} + artifact_name: ${{ steps.seal_build.outputs.artifact_name }} + attestation_hashes: ${{ steps.encoded_hash.outputs.attestation_hashes }} + steps: + # NOTE: we need actions/checkout to configure git first (pre-commit hooks in make dev) + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env.RELEASE_COMMIT }} + + - name: Restore sealed source code + uses: ./.github/actions/seal-restore + with: + integrity_hash: ${{ needs.seal.outputs.integrity_hash }} + artifact_name: ${{ needs.seal.outputs.artifact_name }} + + - name: Install poetry + run: pipx install git+https://github.com/python-poetry/poetry@68b88e5390720a3dd84f02940ec5200bfce39ac6 # v1.5.0 + - name: Set up Python + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: "3.12" + cache: "poetry" + + - name: Build python package and wheel + run: poetry build + + - name: Seal and upload + id: seal_build + uses: ./.github/actions/seal + with: + artifact_name_prefix: "build" + files: "dist/" + + # NOTE: SLSA retraces our build to its artifact to ensure it wasn't tampered + # coupled with GitHub OIDC, SLSA can then confidently sign it came from this release pipeline+commit+branch+org+repo+actor+integrity hash + - name: Create attestation encoded hash for provenance + id: encoded_hash + working-directory: dist + run: echo "attestation_hashes=$(sha256sum ./* | base64 -w0)" >> "$GITHUB_OUTPUT" + + # This job creates a provenance file that describes how our release was built (all steps) + # after it verifies our build is reproducible within the same pipeline + # it confirms that its own software and the CI build haven't been tampered with (Trust but verify) + # lastly, it creates and sign an attestation (multiple.intoto.jsonl) that confirms + # this build artifact came from this GitHub org, branch, actor, commit ID, inputs that triggered this pipeline, and matches its integrity hash + # NOTE: supply chain threats review (we protect against all of them now): https://slsa.dev/spec/v1.0/threats-overview + provenance: + needs: [seal, build] + permissions: + contents: write # nested job explicitly require despite upload assets being set to false + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + # NOTE: provenance fails if we use action pinning... it's a Github limitation + # because SLSA needs to trace & attest it came from a given branch; pinning doesn't expose that information + # https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#referencing-the-slsa-generator + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + with: + base64-subjects: ${{ needs.build.outputs.attestation_hashes }} + upload-assets: false # we upload its attestation in create_tag job, otherwise it creates a new release + + # This job uses release artifact to publish to PyPi + # it exchanges JWT tokens with GitHub to obtain PyPi credentials + # since it's already registered as a Trusted Publisher. + # It uses the sealed build artifact (.whl, .tar.gz) to release it + release: + needs: [build, seal, provenance] + environment: release + runs-on: ubuntu-latest + permissions: + id-token: write # OIDC for PyPi Trusted Publisher feature + env: + RELEASE_VERSION: ${{ needs.seal.outputs.RELEASE_VERSION }} + steps: + # NOTE: we need actions/checkout in order to use our local actions (e.g., ./.github/actions) + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env.RELEASE_COMMIT }} + + - name: Restore sealed source code + uses: ./.github/actions/seal-restore + with: + integrity_hash: ${{ needs.build.outputs.integrity_hash }} + artifact_name: ${{ needs.build.outputs.artifact_name }} + + - name: Upload to PyPi prod + if: ${{ !inputs.skip_pypi }} + uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + + # Creates a PR with the latest version we've just released + # since our trunk is protected against any direct pushes from automation + bump_version: + needs: [release, seal, provenance] + permissions: + contents: write # create-pr action creates a temporary branch + pull-requests: write # create-pr action creates a PR using the temporary branch + runs-on: ubuntu-latest + steps: + # NOTE: we need actions/checkout to authenticate and configure git first + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + ref: ${{ env.RELEASE_COMMIT }} + + - name: Restore sealed source code + uses: ./.github/actions/seal-restore + with: + integrity_hash: ${{ needs.seal.outputs.integrity_hash }} + artifact_name: ${{ needs.seal.outputs.artifact_name }} + + - name: Download provenance + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + with: + name: ${{needs.provenance.outputs.provenance-name}} + + - name: Update provenance + run: mkdir -p "${PROVENANCE_DIR}" && mv "${PROVENANCE_FILE}" "${PROVENANCE_DIR}/" + env: + PROVENANCE_FILE: ${{ needs.provenance.outputs.provenance-name }} + PROVENANCE_DIR: provenance/${{ needs.seal.outputs.RELEASE_VERSION}} + + - name: Create PR + id: create-pr + uses: ./.github/actions/create-pr + with: + files: "pyproject.toml aws_lambda_powertools/shared/version.py provenance/" + temp_branch_prefix: "ci-bump" + pull_request_title: "chore(ci): new pre-release ${{ needs.seal.outputs.RELEASE_VERSION }}" + github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/aws_lambda_powertools/shared/version.py b/aws_lambda_powertools/shared/version.py index 1f466dc805c..24f86ee3474 100644 --- a/aws_lambda_powertools/shared/version.py +++ b/aws_lambda_powertools/shared/version.py @@ -1,3 +1,3 @@ """Exposes version constant to avoid circular dependencies.""" -VERSION = "2.39.1" +VERSION = "2.39.2a0" diff --git a/provenance/2.39.2a0/multiple.intoto.jsonl b/provenance/2.39.2a0/multiple.intoto.jsonl new file mode 100644 index 00000000000..7ad0a6104d1 --- /dev/null +++ b/provenance/2.39.2a0/multiple.intoto.jsonl @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiIuL2F3c19sYW1iZGFfcG93ZXJ0b29scy0yLjM5LjJhMC1weTMtbm9uZS1hbnkud2hsIiwiZGlnZXN0Ijp7InNoYTI1NiI6IjAwMTYyODRjMmY0MTRmNWM2NTg4MDlhZTM1MGJiNDRkYzZmYWUxNzZiODYzMDg3NTA0ZjgzYjQ5Y2E0NGU3NTEifX0seyJuYW1lIjoiLi9hd3NfbGFtYmRhX3Bvd2VydG9vbHMtMi4zOS4yYTAudGFyLmd6IiwiZGlnZXN0Ijp7InNoYTI1NiI6IjY2OTViM2FiMjY4MjVlYTRjYmFmNTExOGVlOTA4Nzk5NTVlZDQ5NzY1MjcxMTYwYmQxNGJhM2FhYTMzNmM0MWEifX1dLCJwcmVkaWNhdGUiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2VuZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92Mi4wLjAifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci9nZW5lcmljQHYxIiwiaW52b2NhdGlvbiI6eyJjb25maWdTb3VyY2UiOnsidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uQHJlZnMvaGVhZHMvZGV2ZWxvcCIsImRpZ2VzdCI6eyJzaGExIjoiMGJlNTJiYmFiNzIxN2U0YjlkMDNhZTQ4MzhmY2I3YzhkMGEwYjk5OCJ9LCJlbnRyeVBvaW50IjoiLmdpdGh1Yi93b3JrZmxvd3MvcHJlLXJlbGVhc2UueW1sIn0sInBhcmFtZXRlcnMiOnsiZXZlbnRfaW5wdXRzIjp7InNraXBfY29kZV9xdWFsaXR5IjoiZmFsc2UiLCJza2lwX3B5cGkiOiJ0cnVlIn19LCJlbnZpcm9ubWVudCI6eyJnaXRodWJfYWN0b3IiOiJoZWl0b3JsZXNzYSIsImdpdGh1Yl9hY3Rvcl9pZCI6IjMzNDAyOTIiLCJnaXRodWJfYmFzZV9yZWYiOiIiLCJnaXRodWJfZXZlbnRfbmFtZSI6IndvcmtmbG93X2Rpc3BhdGNoIiwiZ2l0aHViX2V2ZW50X3BheWxvYWQiOnsiaW5wdXRzIjp7InNraXBfY29kZV9xdWFsaXR5IjoiZmFsc2UiLCJza2lwX3B5cGkiOiJ0cnVlIn0sInJlZiI6InJlZnMvaGVhZHMvZGV2ZWxvcCIsInJlcG9zaXRvcnkiOnsiYWxsb3dfZm9ya2luZyI6dHJ1ZSwiYXJjaGl2ZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24ve2FyY2hpdmVfZm9ybWF0fXsvcmVmfSIsImFyY2hpdmVkIjpmYWxzZSwiYXNzaWduZWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9hc3NpZ25lZXN7L3VzZXJ9IiwiYmxvYnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2dpdC9ibG9ic3svc2hhfSIsImJyYW5jaGVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9icmFuY2hlc3svYnJhbmNofSIsImNsb25lX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uLmdpdCIsImNvbGxhYm9yYXRvcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2NvbGxhYm9yYXRvcnN7L2NvbGxhYm9yYXRvcn0iLCJjb21tZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vY29tbWVudHN7L251bWJlcn0iLCJjb21taXRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9jb21taXRzey9zaGF9IiwiY29tcGFyZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vY29tcGFyZS97YmFzZX0uLi57aGVhZH0iLCJjb250ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vY29udGVudHMveytwYXRofSIsImNvbnRyaWJ1dG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vY29udHJpYnV0b3JzIiwiY3JlYXRlZF9hdCI6IjIwMjAtMDUtMjdUMDg6NDY6MDlaIiwiZGVmYXVsdF9icmFuY2giOiJkZXZlbG9wIiwiZGVwbG95bWVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2RlcGxveW1lbnRzIiwiZGVzY3JpcHRpb24iOiJBIHN1aXRlIG9mIHV0aWxpdGllcyBmb3IgQVdTIExhbWJkYSBGdW5jdGlvbnMgdGhhdCBtYWtlcyB0cmFjaW5nIHdpdGggQVdTIFgtUmF5LCBzdHJ1Y3R1cmVkIGxvZ2dpbmcgYW5kIGNyZWF0aW5nIGN1c3RvbSBtZXRyaWNzIGFzeW5jaHJvbm91c2x5IGVhc2llciIsImRpc2FibGVkIjpmYWxzZSwiZG93bmxvYWRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9kb3dubG9hZHMiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2V2ZW50cyIsImZvcmsiOnRydWUsImZvcmtzIjowLCJmb3Jrc19jb3VudCI6MCwiZm9ya3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2ZvcmtzIiwiZnVsbF9uYW1lIjoiaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbiIsImdpdF9jb21taXRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9naXQvY29tbWl0c3svc2hhfSIsImdpdF9yZWZzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9naXQvcmVmc3svc2hhfSIsImdpdF90YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9naXQvdGFnc3svc2hhfSIsImdpdF91cmwiOiJnaXQ6Ly9naXRodWIuY29tL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24uZ2l0IiwiaGFzX2Rpc2N1c3Npb25zIjpmYWxzZSwiaGFzX2Rvd25sb2FkcyI6dHJ1ZSwiaGFzX2lzc3VlcyI6ZmFsc2UsImhhc19wYWdlcyI6dHJ1ZSwiaGFzX3Byb2plY3RzIjp0cnVlLCJoYXNfd2lraSI6ZmFsc2UsImhvbWVwYWdlIjoiaHR0cHM6Ly9hd3NsYWJzLmdpdGh1Yi5pby9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uLyIsImhvb2tzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9ob29rcyIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24iLCJpZCI6MjY3MjY3NjY3LCJpc190ZW1wbGF0ZSI6ZmFsc2UsImlzc3VlX2NvbW1lbnRfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL2lzc3Vlcy9jb21tZW50c3svbnVtYmVyfSIsImlzc3VlX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vaXNzdWVzL2V2ZW50c3svbnVtYmVyfSIsImlzc3Vlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vaXNzdWVzey9udW1iZXJ9Iiwia2V5c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24va2V5c3sva2V5X2lkfSIsImxhYmVsc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vbGFiZWxzey9uYW1lfSIsImxhbmd1YWdlIjoiUHl0aG9uIiwibGFuZ3VhZ2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9sYW5ndWFnZXMiLCJsaWNlbnNlIjp7ImtleSI6Im1pdC0wIiwibmFtZSI6Ik1JVCBObyBBdHRyaWJ1dGlvbiIsIm5vZGVfaWQiOiJNRGM2VEdsalpXNXpaVFF4Iiwic3BkeF9pZCI6Ik1JVC0wIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9saWNlbnNlcy9taXQtMCJ9LCJtZXJnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL21lcmdlcyIsIm1pbGVzdG9uZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL21pbGVzdG9uZXN7L251bWJlcn0iLCJtaXJyb3JfdXJsIjpudWxsLCJuYW1lIjoiYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbiIsIm5vZGVfaWQiOiJNREV3T2xKbGNHOXphWFJ2Y25reU5qY3lOamMyTmpjPSIsIm5vdGlmaWNhdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL25vdGlmaWNhdGlvbnN7P3NpbmNlLGFsbCxwYXJ0aWNpcGF0aW5nfSIsIm9wZW5faXNzdWVzIjoxNiwib3Blbl9pc3N1ZXNfY291bnQiOjE2LCJvd25lciI6eyJhdmF0YXJfdXJsIjoiaHR0cHM6Ly9hdmF0YXJzLmdpdGh1YnVzZXJjb250ZW50LmNvbS91LzMzNDAyOTI/dj00IiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2EvZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2ZvbGxvd2VycyIsImZvbGxvd2luZ191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2ZvbGxvd2luZ3svb3RoZXJfdXNlcn0iLCJnaXN0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EiLCJpZCI6MzM0MDI5MiwibG9naW4iOiJoZWl0b3JsZXNzYSIsIm5vZGVfaWQiOiJNRFE2VlhObGNqTXpOREF5T1RJPSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9vcmdzIiwicmVjZWl2ZWRfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2EvcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2Evc3RhcnJlZHsvb3duZXJ9ey9yZXBvfSIsInN1YnNjcmlwdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhIn0sInByaXZhdGUiOmZhbHNlLCJwdWxsc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vcHVsbHN7L251bWJlcn0iLCJwdXNoZWRfYXQiOiIyMDI0LTA2LTE3VDEyOjI1OjUyWiIsInJlbGVhc2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbi9yZWxlYXNlc3svaWR9Iiwic2l6ZSI6NTQ4NzEsInNzaF91cmwiOiJnaXRAZ2l0aHViLmNvbTpoZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uLmdpdCIsInN0YXJnYXplcnNfY291bnQiOjIsInN0YXJnYXplcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL3N0YXJnYXplcnMiLCJzdGF0dXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vc3RhdHVzZXMve3NoYX0iLCJzdWJzY3JpYmVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vc3Vic2NyaWJlcnMiLCJzdWJzY3JpcHRpb25fdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL3N1YnNjcmlwdGlvbiIsInN2bl91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbiIsInRhZ3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uL3RhZ3MiLCJ0ZWFtc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vdGVhbXMiLCJ0b3BpY3MiOltdLCJ0cmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2hlaXRvcmxlc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24vZ2l0L3RyZWVzey9zaGF9IiwidXBkYXRlZF9hdCI6IjIwMjQtMDYtMTdUMTI6MjU6NTVaIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9oZWl0b3JsZXNzYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uIiwidmlzaWJpbGl0eSI6InB1YmxpYyIsIndhdGNoZXJzIjoyLCJ3YXRjaGVyc19jb3VudCI6Miwid2ViX2NvbW1pdF9zaWdub2ZmX3JlcXVpcmVkIjpmYWxzZX0sInNlbmRlciI6eyJhdmF0YXJfdXJsIjoiaHR0cHM6Ly9hdmF0YXJzLmdpdGh1YnVzZXJjb250ZW50LmNvbS91LzMzNDAyOTI/dj00IiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2EvZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2ZvbGxvd2VycyIsImZvbGxvd2luZ191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2ZvbGxvd2luZ3svb3RoZXJfdXNlcn0iLCJnaXN0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EiLCJpZCI6MzM0MDI5MiwibG9naW4iOiJoZWl0b3JsZXNzYSIsIm5vZGVfaWQiOiJNRFE2VlhObGNqTXpOREF5T1RJPSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9vcmdzIiwicmVjZWl2ZWRfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2EvcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvaGVpdG9ybGVzc2Evc3RhcnJlZHsvb3duZXJ9ey9yZXBvfSIsInN1YnNjcmlwdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9oZWl0b3JsZXNzYS9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2hlaXRvcmxlc3NhIn0sIndvcmtmbG93IjoiLmdpdGh1Yi93b3JrZmxvd3MvcHJlLXJlbGVhc2UueW1sIn0sImdpdGh1Yl9oZWFkX3JlZiI6IiIsImdpdGh1Yl9yZWYiOiJyZWZzL2hlYWRzL2RldmVsb3AiLCJnaXRodWJfcmVmX3R5cGUiOiJicmFuY2giLCJnaXRodWJfcmVwb3NpdG9yeV9pZCI6IjI2NzI2NzY2NyIsImdpdGh1Yl9yZXBvc2l0b3J5X293bmVyIjoiaGVpdG9ybGVzc2EiLCJnaXRodWJfcmVwb3NpdG9yeV9vd25lcl9pZCI6IjMzNDAyOTIiLCJnaXRodWJfcnVuX2F0dGVtcHQiOiIxIiwiZ2l0aHViX3J1bl9pZCI6Ijk1NDc2MzM2MjgiLCJnaXRodWJfcnVuX251bWJlciI6IjgiLCJnaXRodWJfc2hhMSI6IjBiZTUyYmJhYjcyMTdlNGI5ZDAzYWU0ODM4ZmNiN2M4ZDBhMGI5OTgifX0sIm1ldGFkYXRhIjp7ImJ1aWxkSW52b2NhdGlvbklEIjoiOTU0NzYzMzYyOC0xIiwiY29tcGxldGVuZXNzIjp7InBhcmFtZXRlcnMiOnRydWUsImVudmlyb25tZW50IjpmYWxzZSwibWF0ZXJpYWxzIjpmYWxzZX0sInJlcHJvZHVjaWJsZSI6ZmFsc2V9LCJtYXRlcmlhbHMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbkByZWZzL2hlYWRzL2RldmVsb3AiLCJkaWdlc3QiOnsic2hhMSI6IjBiZTUyYmJhYjcyMTdlNGI5ZDAzYWU0ODM4ZmNiN2M4ZDBhMGI5OTgifX1dfX0=","signatures":[{"keyid":"","sig":"MEUCIA7/5WWCr1qEbJafRiT+BxI9SKZlF/Aqaecvj/iry1c9AiEA1Lp2G2DarxSCMVDPnzt/b3msrfbxA7LB3IpCdc3G5WU=","cert":"-----BEGIN CERTIFICATE-----\nMIIHdjCCBvygAwIBAgIUM4ej9PBZfL1K+f5afsXKWB8rScAwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjQwNjE3MTIzMjAxWhcNMjQwNjE3MTI0MjAxWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEWY8SpKVWnKslzVZcTlRgFPVkk7H+gxyWDJtq\neMRpZKTHgJ2AfBr9Xk9rs7kg+SyK8MqvfFnFnC5EXXHvKwwIuqOCBhswggYXMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUcWqI\nm1BEaMY6ZZ/D1Joj85FNIQowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92Mi4wLjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/\nMAEDBCgwYmU1MmJiYWI3MjE3ZTRiOWQwM2FlNDgzOGZjYjdjOGQwYTBiOTk4MBkG\nCisGAQQBg78wAQQEC1ByZS1SZWxlYXNlMDYGCisGAQQBg78wAQUEKGhlaXRvcmxl\nc3NhL2F3cy1sYW1iZGEtcG93ZXJ0b29scy1weXRob24wIAYKKwYBBAGDvzABBgQS\ncmVmcy9oZWFkcy9kZXZlbG9wMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tl\nbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBhgYKKwYBBAGDvzABCQR4\nDHZodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvc2xzYS1naXRodWIt\nZ2VuZXJhdG9yLy5naXRodWIvd29ya2Zsb3dzL2dlbmVyYXRvcl9nZW5lcmljX3Ns\nc2EzLnltbEByZWZzL3RhZ3MvdjIuMC4wMDgGCisGAQQBg78wAQoEKgwoNWE3NzVi\nMzY3YTU2ZDViZDExOGEyMjRhODExYmJhMjg4MTUwYTU2MzAdBgorBgEEAYO/MAEL\nBA8MDWdpdGh1Yi1ob3N0ZWQwSwYKKwYBBAGDvzABDAQ9DDtodHRwczovL2dpdGh1\nYi5jb20vaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dlcnRvb2xzLXB5dGhvbjA4\nBgorBgEEAYO/MAENBCoMKDBiZTUyYmJhYjcyMTdlNGI5ZDAzYWU0ODM4ZmNiN2M4\nZDBhMGI5OTgwIgYKKwYBBAGDvzABDgQUDBJyZWZzL2hlYWRzL2RldmVsb3AwGQYK\nKwYBBAGDvzABDwQLDAkyNjcyNjc2NjcwLgYKKwYBBAGDvzABEAQgDB5odHRwczov\nL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EwFwYKKwYBBAGDvzABEQQJDAczMzQwMjky\nMIGABgorBgEEAYO/MAESBHIMcGh0dHBzOi8vZ2l0aHViLmNvbS9oZWl0b3JsZXNz\nYS9hd3MtbGFtYmRhLXBvd2VydG9vbHMtcHl0aG9uLy5naXRodWIvd29ya2Zsb3dz\nL3ByZS1yZWxlYXNlLnltbEByZWZzL2hlYWRzL2RldmVsb3AwOAYKKwYBBAGDvzAB\nEwQqDCgwYmU1MmJiYWI3MjE3ZTRiOWQwM2FlNDgzOGZjYjdjOGQwYTBiOTk4MCEG\nCisGAQQBg78wARQEEwwRd29ya2Zsb3dfZGlzcGF0Y2gwbgYKKwYBBAGDvzABFQRg\nDF5odHRwczovL2dpdGh1Yi5jb20vaGVpdG9ybGVzc2EvYXdzLWxhbWJkYS1wb3dl\ncnRvb2xzLXB5dGhvbi9hY3Rpb25zL3J1bnMvOTU0NzYzMzYyOC9hdHRlbXB0cy8x\nMBYGCisGAQQBg78wARYECAwGcHVibGljMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA\n3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGQJi7SrQAABAMARjBE\nAiBK+weakiJBqVFuvCqqs+aDIeCT3qzfqzK9+bEO+KLqXwIgLHqS9EVvpmco41uf\nAMK/yle4T9BLsnOCeXesQZWc1mwwCgYIKoZIzj0EAwMDaAAwZQIxAM1SaeQ8WJoA\nGhBb5sBYQNIHTa1+b9DvTQiamY/k97Jyf2Gx54hI2ahlUwxGsU/r/QIwB4hV6ISc\n96G/uGLaqdmu7h+T3L2QePQOe980knox8dgK3vd9el9Onu8p2ZhSbdie\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 35c0bd4808a..e7b39674b24 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "aws_lambda_powertools" -version = "2.39.1" +version = "2.39.2a0" description = "Powertools for AWS Lambda (Python) is a developer toolkit to implement Serverless best practices and increase developer velocity." authors = ["Amazon Web Services"] include = ["aws_lambda_powertools/py.typed", "THIRD-PARTY-LICENSES"]