Merge branch 'develop' of https://github.com/aws-powertools/powertools-lambda-python into aws-powertools-develop

Author: seshubaws

.chglog/config.yml

@@ -2,7 +2,7 @@ style: github
 template: CHANGELOG.tpl.md
 info:
   title: CHANGELOG
-  repository_url: https://github.com/awslabs/aws-lambda-powertools-python
+  repository_url: https://github.com/aws-powertools/powertools-lambda-python
 options:
   commits:
     filters:

.github/CODEOWNERS

@@ -1,3 +1,3 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-* @awslabs/aws-lambda-powertools-python
+* @aws-powertools/lambda-python-core

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -8,7 +8,7 @@ body:
       value: |
         Thank you for submitting a bug report. Please add as much information as possible to help us reproduce, and remove any potential sensitive data.
 
-        Please become familiar with [our definition of bug](https://github.com/awslabs/aws-lambda-powertools-python/blob/develop/MAINTAINERS.md#is-that-a-bug).
+        Please become familiar with [our definition of bug](https://github.com/aws-powertools/powertools-lambda-python/blob/develop/MAINTAINERS.md#is-that-a-bug).
   - type: textarea
     id: expected_behaviour
     attributes:
@@ -62,6 +62,7 @@ body:
         - "3.8"
         - "3.9"
         - "3.10"
+        - "3.11"
     validations:
       required: true
   - type: dropdown
@@ -79,7 +80,7 @@ body:
     id: logs
     attributes:
       label: Debugging logs
-      description: If available, please share [debugging logs](https://awslabs.github.io/aws-lambda-powertools-python/#debug-mode)
+      description: If available, please share [debugging logs](https://docs.powertools.aws.dev/lambda/python/#debug-mode)
       render: python
     validations:
       required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,5 @@
 blank_issues_enabled: false
 contact_links:
   - name: Ask a question
-    url: https://github.com/awslabs/aws-lambda-powertools-python/discussions/new
+    url: https://github.com/aws-powertools/powertools-lambda-python/discussions/new
     about: Ask a general question about Lambda Powertools

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -36,9 +36,9 @@ body:
     attributes:
       label: Acknowledgment
       options:
-        - label: This feature request meets [Powertools for AWS Lambda (Python) Tenets](https://awslabs.github.io/aws-lambda-powertools-python/latest/#tenets)
+        - label: This feature request meets [Powertools for AWS Lambda (Python) Tenets](https://docs.powertools.aws.dev/lambda/python/latest/#tenets)
           required: true
-        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/awslabs/aws-lambda-powertools-java/), [TypeScript](https://github.com/awslabs/aws-lambda-powertools-typescript/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
+        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/aws-powertools/powertools-lambda-java/), [TypeScript](https://github.com/aws-powertools/powertools-lambda-typescript/), and [.NET](https://github.com/aws-powertools/powertools-lambda-dotnet/)
           required: false
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/maintenance.yml

@@ -53,9 +53,9 @@ body:
     attributes:
       label: Acknowledgment
       options:
-        - label: This request meets [Powertools for AWS Lambda (Python) Tenets](https://awslabs.github.io/aws-lambda-powertools-python/latest/#tenets)
+        - label: This request meets [Powertools for AWS Lambda (Python) Tenets](https://docs.powertools.aws.dev/lambda/python/latest/#tenets)
           required: true
-        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/awslabs/aws-lambda-powertools-java/), [TypeScript](https://github.com/awslabs/aws-lambda-powertools-typescript/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
+        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/aws-powertools/powertools-lambda-java/), [TypeScript](https://github.com/aws-powertools/powertools-lambda-typescript/), and [.NET](https://github.com/aws-powertools/powertools-lambda-dotnet/)
           required: false
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/rfc.yml

@@ -91,9 +91,9 @@ body:
     attributes:
       label: Acknowledgment
       options:
-        - label: This feature request meets [Powertools for AWS Lambda (Python) Tenets](https://awslabs.github.io/aws-lambda-powertools-python/latest/#tenets)
+        - label: This feature request meets [Powertools for AWS Lambda (Python) Tenets](https://docs.powertools.aws.dev/lambda/python/latest/#tenets)
           required: true
-        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/awslabs/aws-lambda-powertools-java/), [TypeScript](https://github.com/awslabs/aws-lambda-powertools-typescript/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
+        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/aws-powertools/powertools-lambda-java/), [TypeScript](https://github.com/aws-powertools/powertools-lambda-typescript/), and [.NET](https://github.com/aws-powertools/powertools-lambda-dotnet/)
           required: false
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/static_typing.yml

@@ -8,7 +8,7 @@ body:
       value: |
         Thank you for submitting a static typing report. Please add as much information as possible to help us reproduce.
 
-        Our preferred static type checker is [Mypy](https://mypy.readthedocs.io/en/stable/) using the following [configuration](https://github.com/awslabs/aws-lambda-powertools-python/blob/develop/mypy.ini).
+        Our preferred static type checker is [Mypy](https://mypy.readthedocs.io/en/stable/) using the following [configuration](https://github.com/aws-powertools/powertools-lambda-python/blob/develop/mypy.ini).
   - type: dropdown
     id: tool
     attributes:
@@ -29,6 +29,7 @@ body:
         - "3.8"
         - "3.9"
         - "3.10"
+        - "3.11"
     validations:
       required: true
   - type: input

.github/ISSUE_TEMPLATE/tech_debt.yml

@@ -50,9 +50,9 @@ body:
     attributes:
       label: Acknowledgment
       options:
-        - label: This request meets [Powertools for AWS Lambda (Python) Tenets](https://awslabs.github.io/aws-lambda-powertools-python/latest/#tenets)
+        - label: This request meets [Powertools for AWS Lambda (Python) Tenets](https://docs.powertools.aws.dev/lambda/python/latest/#tenets)
           required: true
-        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/awslabs/aws-lambda-powertools-java/), [TypeScript](https://github.com/awslabs/aws-lambda-powertools-typescript/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
+        - label: Should this be considered in other Powertools for AWS Lambda languages? i.e. [Java](https://github.com/aws-powertools/powertools-lambda-java/), [TypeScript](https://github.com/aws-powertools/powertools-lambda-typescript/), and [.NET](https://github.com/aws-powertools/powertools-lambda-dotnet/)
           required: false
   - type: markdown
     attributes:

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,11 +15,11 @@
 
 If your change doesn't seem to apply, please leave them unchecked.
 
-* [ ] [Meet tenets criteria](https://awslabs.github.io/aws-lambda-powertools-python/#tenets)
+* [ ] [Meet tenets criteria](https://docs.powertools.aws.dev/lambda/python/#tenets)
 * [ ] I have performed a self-review of this change
 * [ ] Changes have been tested
 * [ ] Changes are documented
-* [ ] PR title follows [conventional commit semantics](https://github.com/awslabs/aws-lambda-powertools-python/blob/develop/.github/semantic.yml)
+* [ ] PR title follows [conventional commit semantics](https://github.com/aws-powertools/powertools-lambda-python/blob/develop/.github/semantic.yml)
 
 <details>
 <summary>Is this a breaking change?</summary>

.github/actionlint.yaml

@@ -1,5 +1,4 @@
 self-hosted-runner:
   labels:
-    - aws-lambda-powertools_ubuntu-latest_4-core
-    - aws-lambda-powertools_ubuntu-latest_8-core
-    - aws-lambda-powertools_ubuntu-latest_16-core
+    - aws-powertools_ubuntu-latest_4-core 
+    - aws-powertools_ubuntu-latest_8-core

.github/actions/create-pr/create_pr_for_staged_changes.sh

@@ -89,7 +89,7 @@ function create_temporary_branch_with_changes() {
 function create_pr() {
     start_span "Creating PR against ${TEMP_BRANCH} branch"
     # TODO: create label
-    NEW_PR_URL=$(gh pr create --title "${PR_TITLE}" --body "${PR_BODY}: ${WORKFLOW_URL}" --base "${BASE_BRANCH}" --label "${SKIP_LABEL}" || error "Failed to create PR") # e.g, https://github.com/awslabs/aws-lambda-powertools/pull/13
+    NEW_PR_URL=$(gh pr create --title "${PR_TITLE}" --body "${PR_BODY}: ${WORKFLOW_URL}" --base "${BASE_BRANCH}" --label "${SKIP_LABEL}" || error "Failed to create PR") # e.g, https://github.com/aws-powertools/powertools-lambda-python/pull/13
 
     # greedy remove any string until the last URL path, including the last '/'. https://opensource.com/article/17/6/bash-parameter-expansion
     debug "Extracing PR Number from PR URL: "${NEW_PR_URL}""

.github/actions/seal-restore/action.yml

@@ -0,0 +1,82 @@
+name: "Restore sealed source code"
+description: "Restore sealed source code and confirm integrity hash"
+
+# PROCESS
+#
+# 1. Exports artifact name using Prefix + GitHub Run ID (unique for each release trigger)
+# 2. Compress entire source code as tarball OR given files
+# 3. Create and export integrity hash for tarball
+# 4. Upload artifact
+# 5. Remove archive
+
+# USAGE
+#
+# - name: Seal and upload
+#   id: seal_source_code
+#   uses: ./.github/actions/seal
+#   with:
+#     artifact_name_prefix: "source"
+#
+# - name: Restore sealed source code
+#   uses: ./.github/actions/seal-restore
+#   with:
+#     integrity_hash: ${{ needs.seal_source_code.outputs.integrity_hash }}
+#     artifact_name: ${{ needs.seal_source_code.outputs.artifact_name }}
+
+# NOTES
+#
+# To be used together with .github/actions/seal
+
+inputs:
+  integrity_hash:
+    description: "Integrity hash to verify"
+    required: true
+  artifact_name:
+    description: "Sealed artifact name to restore"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - id: adjust-path
+      run: echo "${{ github.action_path }}" >> $GITHUB_PATH
+      shell: bash
+
+    - name: Download artifacts
+      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      with:
+        name: ${{ inputs.artifact_name }}
+        path: .
+
+    - id: integrity_hash
+      name: Create integrity hash for downloaded artifact
+      run: |
+        HASH=$(sha256sum "${ARTIFACT_NAME}.tar" | awk '{print $1}')
+
+        echo "current_hash=${HASH}" >> "$GITHUB_OUTPUT"
+      env:
+        ARTIFACT_NAME: ${{ inputs.artifact_name }}
+      shell: bash
+
+    - id: verify_hash
+      name: Verify sealed artifact integrity hash
+      run: test "${CURRENT_HASH}" = "${PROVIDED_HASH}" || exit 1
+      env:
+        ARTIFACT_NAME: ${{ inputs.artifact_name }}
+        PROVIDED_HASH: ${{ inputs.integrity_hash }}
+        CURRENT_HASH: ${{ steps.integrity_hash.outputs.current_hash }}
+      shell: bash
+
+    # Restore and overwrite tarball in current directory
+    - id: overwrite
+      name: Extract tarball
+      run: tar -xvf "${ARTIFACT_NAME}".tar
+      env:
+        ARTIFACT_NAME: ${{ inputs.artifact_name }}
+      shell: bash
+
+    - name: Remove archive
+      run: rm -f "${ARTIFACT_NAME}.tar"
+      env:
+        ARTIFACT_NAME: ${{ inputs.artifact_name }}
+      shell: bash

.github/actions/seal/action.yml

@@ -0,0 +1,93 @@
+name: "Seal and hash source code"
+description: "Seal and export source code as a tarball artifact along with its integrity hash"
+
+# PROCESS
+#
+# 1. Exports artifact name using Prefix + GitHub Run ID (unique for each release trigger)
+# 2. Compress entire source code as tarball OR given files
+# 3. Create and export integrity hash for tarball
+# 4. Upload artifact
+# 5. Remove archive
+
+# USAGE
+#
+# - name: Seal and upload
+#   id: seal_source_code
+#   uses: ./.github/actions/seal
+#   with:
+#     artifact_name_prefix: "source"
+
+inputs:
+  files:
+    description: "Files to seal separated by space"
+    required: false
+  artifact_name_prefix:
+    description: "Prefix to use when exporting artifact"
+    required: true
+
+outputs:
+  integrity_hash:
+    description: "Source code integrity hash"
+    value: ${{ steps.integrity_hash.outputs.integrity_hash }}
+  artifact_name:
+    description: "Artifact name containTemporary branch created with staged changed"
+    value: ${{ steps.export_artifact_name.outputs.artifact_name }}
+
+runs:
+  using: "composite"
+  steps:
+    - id: adjust-path
+      run: echo "${{ github.action_path }}" >> $GITHUB_PATH
+      shell: bash
+
+    - id: export_artifact_name
+      name: Export final artifact name
+      run: echo "artifact_name=${ARTIFACT_PREFIX}-${GITHUB_RUN_ID}" >> "$GITHUB_OUTPUT"
+      env:
+        GITHUB_RUN_ID: ${{ github.run_id }}
+        ARTIFACT_PREFIX: ${{ inputs.artifact_name_prefix }}
+      shell: bash
+
+    # By default, create a tarball of the current directory minus .git
+    # otherwise it breaks GH Actions when restoring it
+    - id: compress_all
+      if: ${{ !inputs.files }}
+      name: Create tarball for entire source
+      run: tar --exclude-vcs -cvf "${ARTIFACT_NAME}".tar *
+      env:
+        ARTIFACT_NAME: ${{ steps.export_artifact_name.outputs.artifact_name }}
+      shell: bash
+
+    # If a list of files are given, then create a tarball for those only
+    - id: compress_selected_files
+      if: ${{ inputs.files }}
+      name: Create tarball for selected files
+      run: tar --exclude-vcs -cvf "${ARTIFACT_NAME}".tar "${FILES}"
+      env:
+        FILES: ${{ inputs.files }}
+        ARTIFACT_NAME: ${{ steps.export_artifact_name.outputs.artifact_name }}
+      shell: bash
+
+    - id: integrity_hash
+      name: Create and export integrity hash for tarball
+      run: |
+        HASH=$(sha256sum "${ARTIFACT_NAME}.tar" | awk '{print $1}')
+
+        echo "integrity_hash=${HASH}" >> "$GITHUB_OUTPUT"
+      env:
+        ARTIFACT_NAME: ${{ steps.export_artifact_name.outputs.artifact_name }}
+      shell: bash
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      with:
+        if-no-files-found: error
+        name: ${{ steps.export_artifact_name.outputs.artifact_name }}
+        path: ${{ steps.export_artifact_name.outputs.artifact_name }}.tar
+        retention-days: 1
+
+    - name: Remove archive
+      run: rm -f "${ARTEFACT_NAME}.tar"
+      env:
+        ARTIFACT_NAME: ${{ steps.export_artifact_name.outputs.artifact_name }}
+      shell: bash

.github/actions/upload-release-provenance/action.yml

@@ -0,0 +1,67 @@
+name: "Upload provenance attestation to release"
+description: "Download and upload newly generated provenance attestation to latest release."
+
+# PROCESS
+#
+# 1. Downloads provenance attestation artifact generated earlier in the release pipeline
+# 2. Updates latest GitHub draft release pointing to newly git release tag
+# 3. Uploads provenance attestation file to latest GitHub draft release
+
+# USAGE
+#
+# - name: Upload provenance
+#   id: upload-provenance
+#   uses: ./.github/actions/upload-release-provenance
+#   with:
+#     release_version: ${{ needs.seal.outputs.RELEASE_VERSION }}
+#     provenance_name: ${{needs.provenance.outputs.provenance-name}}
+#     github_token: ${{ secrets.GITHUB_TOKEN }}
+
+# NOTES
+#
+# There are no outputs.
+#
+
+inputs:
+  provenance_name:
+    description: "Provenance artifact name to download"
+    required: true
+  release_version:
+    description: "Release version (e.g., 2.20.0)"
+    required: true
+  github_token:
+    description: "GitHub token for GitHub CLI"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - id: adjust-path
+      run: echo "${{ github.action_path }}" >> $GITHUB_PATH
+      shell: bash
+
+    - id: download-provenance
+      name: Download newly generated provenance
+      uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+      with:
+        name: ${{ inputs.provenance_name }}
+
+    - id: sync-release-tag
+      name: Update draft release tag to release commit tag
+      run: |
+        CURRENT_DRAFT_RELEASE=$(gh release list | awk '{ if ($2 == "Draft") print $1}')
+        gh release edit "${CURRENT_DRAFT_RELEASE}" --tag v"${RELEASE_VERSION}"
+      env:
+        RELEASE_VERSION: ${{ inputs.release_version }}
+        GH_TOKEN: ${{ inputs.github_token }}
+      shell: bash
+
+    - id: upload-provenance
+      name: Upload provenance to release tag
+      # clobber flag means overwrite release asset if available (eventual consistency, retried failed steps)
+      run: gh release upload --clobber v"${RELEASE_VERSION}" "${PROVENANCE_FILE}"
+      env:
+        RELEASE_VERSION: ${{ inputs.release_version }}
+        PROVENANCE_FILE: ${{ inputs.provenance_name }}
+        GH_TOKEN: ${{ inputs.github_token }}
+      shell: bash