Merge branch 'develop' into s3-event-notification-model

Signed-off-by: Alan Ip <theipster@users.noreply.github.com>

Author: theipster

.flake8

@@ -3,9 +3,11 @@ exclude = docs, .eggs, setup.py, example, .aws-sam, .git, dist, *.md, *.yaml, ex
 ignore = E203, E266, W503, BLK100, W291, I004
 max-line-length = 120
 max-complexity = 15
+; flake8-builtins isn't honouring inline ignore (A003)
 per-file-ignores =
     tests/e2e/utils/data_builder/__init__.py:F401
     tests/e2e/utils/data_fetcher/__init__.py:F401
+    aws_lambda_powertools/utilities/data_classes/s3_event.py:A003
 
 [isort]
 multi_line_output = 3

.github/dependabot.yml

@@ -20,7 +20,18 @@ updates:
     ignore:
       # 2022-04-23: Ignoring boto3 changes until we need to care about them.
       - dependency-name: "boto3"
-        
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "develop"
+    commit-message:
+      prefix: chore
+      include: scope
+    allow:
+      # Allow updates for AWS CDK
+      - dependency-name: "aws-cdk"
 
 #   - package-ecosystem: "pip"
 #     directory: "/"

.github/workflows/auto-merge.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.3.5
+        uses: dependabot/fetch-metadata@v1.3.6
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Enable auto-merge for mypy-boto3 stubs Dependabot PRs

.github/workflows/publish_v2_layer.yml

@@ -65,7 +65,7 @@ jobs:
         # NOTE: we need QEMU to build Layer against a different architecture (e.g., ARM)
       - name: Set up Docker Buildx
         id: builder
-        uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0
+        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
         with:
           install: true
           driver: docker

.github/workflows/release-drafter.yml

@@ -10,6 +10,6 @@ jobs:
   update_release_draft:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@cfc5540ebc9d65a8731f02032e3d44db5e449fb6 # v5.20.1
+      - uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e # v5.20.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -73,7 +73,7 @@ jobs:
         run: |
           RELEASE_VERSION="${RELEASE_TAG_VERSION:1}"
           echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_ENV"
-          echo "::set-output name=RELEASE_VERSION::${RELEASE_VERSION}"
+          echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
       - name: Install dependencies
         run: make dev
       - name: Run all tests, linting and baselines
@@ -92,12 +92,13 @@ jobs:
       - name: Build python package and wheel
         if: ${{ !inputs.skip_pypi }}
         run: poetry build
-      - name: Upload to PyPi test
-        if: ${{ !inputs.skip_pypi }}
-        run: make release-test
-        env:
-          PYPI_USERNAME: __token__
-          PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_TOKEN }}
+      # March 1st: PyPi test is under maintenance....
+      # - name: Upload to PyPi test
+      #   if: ${{ !inputs.skip_pypi }}
+      #   run: make release-test
+      #   env:
+      #     PYPI_USERNAME: __token__
+      #     PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_TOKEN }}
       - name: Upload to PyPi prod
         if: ${{ !inputs.skip_pypi }}
         run: make release-prod

.github/workflows/reusable_deploy_v2_layer_stack.yml

@@ -68,7 +68,7 @@ jobs:
       - name: Install poetry
         run: pipx install poetry
       - name: aws credentials
-        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
         with:
           aws-region: ${{ matrix.region }}
           role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }}

.github/workflows/reusable_deploy_v2_sar.yml

@@ -50,12 +50,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: AWS credentials
-        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
         with:
           aws-region: ${{ env.AWS_REGION }}
           role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }}
       - name: AWS credentials SAR role
-        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
         id: aws-credentials-sar-role
         with:
           aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}

.github/workflows/reusable_export_pr_details.yml

@@ -71,19 +71,19 @@ jobs:
       # otherwise the parent caller won't see them regardless on how outputs are set.
       - name: "Export Pull Request Number"
         id: prNumber
-        run: echo ::set-output name=prNumber::$(jq -c '.number' ${FILENAME})
+        run: echo "prNumber=$(jq -c '.number' ${FILENAME})" >> $GITHUB_OUTPUT
       - name: "Export Pull Request Title"
         id: prTitle
-        run: echo ::set-output name=prTitle::$(jq -c '.pull_request.title' ${FILENAME})
+        run: echo "prTitle=$(jq -c '.pull_request.title' ${FILENAME})" >> $GITHUB_OUTPUT
       - name: "Export Pull Request Body"
         id: prBody
-        run: echo ::set-output name=prBody::$(jq -c '.pull_request.body' ${FILENAME})
+        run: echo "prBody=$(jq -c '.pull_request.body' ${FILENAME})" >> $GITHUB_OUTPUT
       - name: "Export Pull Request Author"
         id: prAuthor
-        run: echo ::set-output name=prAuthor::$(jq -c '.pull_request.user.login' ${FILENAME})
+        run: echo "prAuthor=$(jq -c '.pull_request.user.login' ${FILENAME})" >> $GITHUB_OUTPUT
       - name: "Export Pull Request Action"
         id: prAction
-        run: echo ::set-output name=prAction::$(jq -c '.action' ${FILENAME})
+        run: echo "prAction=$(jq -c '.action' ${FILENAME})" >> $GITHUB_OUTPUT
       - name: "Export Pull Request Merged status"
         id: prIsMerged
-        run: echo ::set-output name=prIsMerged::$(jq -c '.pull_request.merged' ${FILENAME})
+        run: echo "prIsMerged=$(jq -c '.pull_request.merged' ${FILENAME})" >> $GITHUB_OUTPUT

.github/workflows/reusable_publish_docs.yml

@@ -65,7 +65,7 @@ jobs:
           poetry run mike set-default --push latest
 
       - name: Release API docs
-        uses: peaceiris/actions-gh-pages@64b46b4226a4a12da2239ba3ea5aa73e3163c75b # v3.9.1
+        uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
         env:
           VERSION: ${{ inputs.version }}
         with:
@@ -75,7 +75,7 @@ jobs:
           destination_dir: ${{ env.VERSION }}/api
       - name: Release API docs to latest
         if: ${{ inputs.alias == 'latest' }}
-        uses: peaceiris/actions-gh-pages@64b46b4226a4a12da2239ba3ea5aa73e3163c75b # v3.9.1
+        uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ./api

.github/workflows/run-e2e-tests.yml

@@ -19,13 +19,16 @@ on:
 env:
   AWS_DEFAULT_REGION: us-east-1
 
+concurrency: e2e
+
 jobs:
   run:
     runs-on: aws-lambda-powertools_ubuntu-latest_8-core
     permissions:
       id-token: write # needed to request JWT with GitHub's OIDC Token endpoint. docs: https://bit.ly/3MNgQO9
       contents: read
     strategy:
+      fail-fast: false # needed so if a version fails, the others will still be able to complete and cleanup
       matrix:
         version: ["3.7", "3.8", "3.9"]
     if: ${{ github.actor != 'dependabot[bot]' }}
@@ -51,7 +54,7 @@ jobs:
       - name: Install dependencies
         run: make dev
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
         with:
           role-to-assume: ${{ secrets.AWS_TEST_ROLE_ARN }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}

.github/workflows/secure_workflows.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Ensure 3rd party workflows have SHA pinned
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@bd2868d14a756969608c618665394415a238de69 # v2.0.5
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@21991cec25093947ff3f62e4c223df0260c39944 # v2.1.2
         with:
           # Trusted GitHub Actions and/or organizations
           allowlist: |

.pre-commit-config.yaml

@@ -43,7 +43,7 @@ repos:
         types: [yaml]
         files: examples/.*
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.21
+    rev: v1.6.23
     hooks:
       - id: actionlint-docker
         args: [-pyflakes=]