Initial commit

.coveragerc

@@ -0,0 +1,5 @@
+[run]
+relative_files = True
+
+# Use 'source' instead of 'omit' in order to ignore 'tests/unit/__init__.py'
+source = hello_world

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Sage-Bionetworks-IT/sagebio-it  @Sage-Bionetworks-IT/infra-oversight-committee

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+DELETE THIS TEMPLATE BEFORE SUBMITTING
+
+PR Checklist:
+[ ] Clearly explain your change with a desriptive commit message
+
+[ ] Setup pre-commit and run the validators (info in README.md)
+    To validate files run: `pre-commit run --all-files`

.github/actions/sam-build/action.yaml

@@ -0,0 +1,26 @@
+name: sam-build
+
+runs:
+  # This creates a composite action to be used as a step in a job
+  # https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+  using: "composite"
+  steps:
+    # Convert Pipfile.lock to requirements.txt for sam
+    - uses: actions/setup-python@v4
+      with:
+        python-version: 3.9
+    - run: pip install -U pipenv
+      shell: bash
+
+    # This needs to be in the 'CodeUri' directory
+    - run: pipenv requirements > requirements.txt
+      shell: bash
+
+    # Install aws-sam-cli
+    - uses: aws-actions/setup-sam@v2
+      with:
+        use-installer: true
+
+    # Use a lambda-like docker container to build the lambda artifact
+    - run: sam build --use-container
+      shell: bash

.github/workflows/periodic.yaml

@@ -0,0 +1,11 @@
+name: periodic
+
+on:
+  # Run once a month
+  schedule:
+    - cron: '30 16 15 * *'  # 16:30 UTC (9:30 PST) on the 15th of the month
+
+jobs:
+  # Check that our current dependencies still work
+  dependency-check:
+    uses: "./.github/workflows/test.yaml"

.github/workflows/post-merge.yaml

@@ -0,0 +1,42 @@
+name: post-merge
+
+on:
+  # Run on merges to master or tag pushes
+  push:
+    branches: [ 'master' ]
+    tags: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}
+
+jobs:
+  lambda-test:
+    uses: "./.github/workflows/test.yaml"
+
+  package-and-publish:
+    runs-on: ubuntu-latest
+    needs: lambda-test
+    permissions:
+      id-token: write
+    env:
+      BOOTSTRAP_BUCKET: bootstrap-awss3cloudformationbucket-19qromfd235z9
+      ESSENTIALS_BUCKET: essentials-awss3lambdaartifactsbucket-x29ftznj6pqw
+    steps:
+      - uses: actions/checkout@v3
+
+      # Install sam-cli and run "sam build"
+      - uses: ./.github/actions/sam-build
+
+      # authenticate with AWS via OIDC
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: us-east-1
+          role-to-assume: arn:aws:iam::745159704268:role/sagebase-github-oidc-lambda-template-deploy-sageit
+          role-session-name: GHA-${{ github.event.repository.name }}-${{ github.run_id }}  # Must not exceed 64 chars
+          role-duration-seconds: 900
+
+      # upload the lambda artifact to s3 and generate a cloudformation template referencing it
+      - run: sam package --template-file .aws-sam/build/template.yaml --s3-bucket $ESSENTIALS_BUCKET --s3-prefix ${{ github.event.repository.name }}/${{ github.ref_name }} --output-template-file .aws-sam/build/${{ github.event.repository.name }}.yaml
+
+      # upload the generated cloudformation template to s3
+      - run: aws s3 cp .aws-sam/build/${{ github.event.repository.name }}.yaml s3://$BOOTSTRAP_BUCKET/${{ github.event.repository.name }}/${{ github.ref_name }}/

.github/workflows/pre-merge.yaml

@@ -0,0 +1,9 @@
+name: pre-merge
+
+on:
+  # Run on open pull requests
+  pull_request:
+
+jobs:
+  lambda-test:
+    uses: "./.github/workflows/test.yaml"

.github/workflows/test.yaml

@@ -0,0 +1,38 @@
+name: lambda-test
+
+on:
+  # This is a dispatched workflow to be called as a job in other workflows
+  # https://docs.github.com/en/actions/using-workflows/reusing-workflows#creating-a-reusable-workflow
+  workflow_call:
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+      - uses: pre-commit/[email protected]
+
+  pytest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+      - run: pip install -U pipenv
+      - run: pipenv install --dev
+      - run: pipenv run coverage run -m pytest tests/ -vv
+      - name: upload coverage to coveralls
+        uses: coverallsapp/github-action@v2
+
+  sam-build-and-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/sam-build
+      - run: sam validate --lint --template .aws-sam/build/template.yaml

.gitignore

@@ -0,0 +1,135 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# jetbrains
+.idea/
+
+# generated dynamically from Pipfile
+requirements.txt

.pre-commit-config.yaml

@@ -0,0 +1,29 @@
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+    # On Windows, git will convert all CRLF to LF, but only after all hooks are done executing.
+    # yamllint will fail before git has a chance to convert line endings, so line endings must be explicitly converted before yamllint
+    -   id: mixed-line-ending
+        args: ['--fix=lf']
+        description: Forces to replace line ending by the UNIX 'LF' character
+    -   id: end-of-file-fixer
+    -   id: trailing-whitespace
+    -   id: check-ast
+-   repo: https://github.com/adrienverge/yamllint
+    rev: v1.27.1
+    hooks:
+    -   id: yamllint
+-   repo: https://github.com/awslabs/cfn-python-lint
+    rev: v0.63.2
+    hooks:
+    -   id: cfn-python-lint
+        files: template\.(json|yml|yaml)$
+-   repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.3.1
+    hooks:
+    -   id: remove-tabs
+-   repo: https://github.com/aristanetworks/j2lint.git
+    rev: v1.1.0
+    hooks:
+      - id: j2lint

.yamllint

@@ -0,0 +1,29 @@
+---
+
+extends: default
+
+rules:
+  braces:
+    level: warning
+    max-spaces-inside: 1
+  brackets:
+    level: warning
+    max-spaces-inside: 1
+  colons:
+    level: warning
+  commas:
+    level: warning
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    level: warning
+  hyphens:
+    level: warning
+  indentation:
+    level: warning
+    indent-sequences: consistent
+  line-length: disable
+  truthy: disable
+  new-line-at-end-of-file:
+    level: warning