From 00d61670152ee9b78813cfbd05682710143caf76 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 12:56:22 +0000 Subject: [PATCH 01/10] kiota --- AGENTS.md | 2 +- extensions/context.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 1e167c18..ef2eb069 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -12,7 +12,7 @@ - Test coverage requirements are usually at 100%, so when running a subset of tests, always disable test coverage to avoid the test run failing for insufficient coverage. - Avoid magic values in comparisons in tests in all languages (like ruff rule PLR2004 specifies) - Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. -- Avoid loops in tests — assert each item explicitly so failures pinpoint the exact element. +- Avoid loops in tests — assert each item explicitly so failures pinpoint the exact element. When verifying a condition across all items in a collection, collect the violations into a list and assert it's empty (e.g., assert [x for x in items if bad_condition(x)] == []). - Key `data-testid` selectors off unique IDs (e.g. UUIDs), not human-readable names which may collide or change. ### Python Testing diff --git a/extensions/context.py b/extensions/context.py index 47cad74a..febca34c 100644 --- a/extensions/context.py +++ b/extensions/context.py @@ -48,7 +48,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: context["syrupy_version"] = ">=5.1.0" context["structlog_version"] = ">=25.5.0" context["httpx_version"] = ">=0.28.1" - context["python_kiota_bundle_version"] = ">=1.9.8" + context["python_kiota_bundle_version"] = ">=1.9.10" context["vcrpy_version"] = ">=8.1.1" context["pytest_recording_version"] = ">=0.13.4" context["pytest_asyncio_version"] = ">=1.3.0" @@ -85,7 +85,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: context["nuxt_test_utils_version"] = "3.19.1" context["vue_eslint_parser_version"] = "^10.4.0" context["happy_dom_version"] = "^20.8.3" - context["node_kiota_bundle_version"] = "1.0.0-preview.99" + context["node_kiota_bundle_version"] = "1.0.0-preview.100" ####### # These are duplicated in the CI files for this repository context["gha_checkout"] = "v6.0.2" From b02a9f2f4be7caefb44df90079be230da09ec080 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 13:03:27 +0000 Subject: [PATCH 02/10] copier --- .devcontainer/devcontainer.json | 2 +- extensions/context.py | 4 ++-- pyproject.toml | 2 +- uv.lock | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a17fde12..a25e1980 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -71,5 +71,5 @@ "initializeCommand": "sh .devcontainer/initialize-command.sh", "onCreateCommand": "sh .devcontainer/on-create-command.sh", "postStartCommand": "sh .devcontainer/post-start-command.sh" - // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): eb7c79fa # spellchecker:disable-line + // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 66f97b1e # spellchecker:disable-line } diff --git a/extensions/context.py b/extensions/context.py index febca34c..623d6b84 100644 --- a/extensions/context.py +++ b/extensions/context.py @@ -14,7 +14,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: context["uv_version"] = "0.10.9" context["pre_commit_version"] = "4.5.1" # These also in pyproject.toml - context["copier_version"] = "==9.12.0" + context["copier_version"] = "==9.14.0" context["copier_template_extensions_version"] = "==0.3.3" ####### context["pnpm_version"] = "10.32.1" @@ -40,7 +40,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: context["strawberry_graphql_version"] = ">=0.298.0" context["fastapi_version"] = ">=0.135.1" context["fastapi_offline_version"] = ">=1.7.4" - context["uvicorn_version"] = ">=0.41.0" + context["uvicorn_version"] = ">=0.42.0" context["lab_auto_pulumi_version"] = ">=0.1.18" context["ariadne_codegen_version"] = ">=0.17.0" context["pytest_mock_version"] = ">=3.15.1" diff --git a/pyproject.toml b/pyproject.toml index e1f7efad..85b04d05 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,6 +10,6 @@ dependencies = [ "pytest-randomly>=4.0.1", "pyright[nodejs]>=1.1.408", "ty>=0.0.23", - "copier==9.12.0", + "copier==9.14.0", "copier-template-extensions==0.3.3" ] diff --git a/uv.lock b/uv.lock index 6c80f323..05483380 100644 --- a/uv.lock +++ b/uv.lock @@ -22,7 +22,7 @@ wheels = [ [[package]] name = "copier" -version = "9.12.0" +version = "9.14.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "colorama" }, @@ -39,9 +39,9 @@ dependencies = [ { name = "pyyaml" }, { name = "questionary" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/6b/e0/5187c63a9020e84cfbb3cc52b52d7fc15aab73fd1e9106ae33167116a3f9/copier-9.12.0.tar.gz", hash = "sha256:87986637205a0443dbf7e5946502e5c71962a559c25f436642a08203cf61ef54", size = 611292, upload-time = "2026-02-21T13:32:40.37Z" } +sdist = { url = "https://files.pythonhosted.org/packages/cb/35/42b9e1c2b4adab0ebb788eae1f1800fa5f481ff5552a6e58c3d953dd11c0/copier-9.14.0.tar.gz", hash = "sha256:4d1b6a19538a5d170f913afb7682fe745c74b35c84085890809cb8d8d4d8fe7a", size = 618593, upload-time = "2026-03-13T15:55:30.796Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/9c/22/6d9cfea622a064d17f406bbea1dd37f95ac75094d44e23447df934661add/copier-9.12.0-py3-none-any.whl", hash = "sha256:a1bc84dfd2a4b85dbe034999026c0e24ca02a6bc1574f45df07fd76d935c2ea9", size = 58805, upload-time = "2026-02-21T13:32:38.767Z" }, + { url = "https://files.pythonhosted.org/packages/df/91/4a151c94320458895049a3e23b7b2cfc08953c60b14892de837e8eb51d0a/copier-9.14.0-py3-none-any.whl", hash = "sha256:e12a18cfef22e67254e5229f0b4bdab85e1e3e82926e448226be0b70d0f4de53", size = 59425, upload-time = "2026-03-13T15:55:29.273Z" }, ] [[package]] @@ -60,7 +60,7 @@ dependencies = [ [package.metadata] requires-dist = [ - { name = "copier", specifier = "==9.12.0" }, + { name = "copier", specifier = "==9.14.0" }, { name = "copier-template-extensions", specifier = "==0.3.3" }, { name = "pyright", extras = ["nodejs"], specifier = ">=1.1.408" }, { name = "pytest", specifier = ">=9.0.2" }, From b01795a24221c95fb27432db5bc4b6fb5884d388 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 13:15:09 +0000 Subject: [PATCH 03/10] ecr auth action --- .../.github/actions/ecr-auth/action.yml.jinja | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 template/template/.github/actions/ecr-auth/action.yml.jinja diff --git a/template/template/.github/actions/ecr-auth/action.yml.jinja b/template/template/.github/actions/ecr-auth/action.yml.jinja new file mode 100644 index 00000000..64d45883 --- /dev/null +++ b/template/template/.github/actions/ecr-auth/action.yml.jinja @@ -0,0 +1,25 @@ +{% raw %}name: AWS ECR Auth +description: 'Use OIDC to Authenticate and login to an AWS ECR.' + +inputs: + aws-region: + type: string + description: AWS region to use for ECR authentication + required: false + default: '{% endraw %}{{ aws_central_infrastructure_account_id }}{% raw %}' + role-arn: + type: string + description: AWS IAM Role ARN to assume for ECR authentication + required: false + default: 'arn:aws:iam::{% endraw %}{{ aws_central_infrastructure_account_id }}{% raw %}:role/{% endraw %}{{ core_infra_base_access_profile_name }}{% raw %}' + +runs: + using: composite + steps: + - name: OIDC Auth for ECR to pull Data Hub images + uses: aws-actions/configure-aws-credentials@{% endraw %}{{ gha_configure_aws_credentials }}{% raw %} + with: + role-to-assume: ${{ inputs.role-arn }} + aws-region: ${{ inputs.aws-region }} + - name: Login to Amazon ECR + uses: aws-actions/amazon-ecr-login@{% endraw %}{{ gha_amazon_ecr_login }} From 9c27420d1944ef1d668dfb2aae28722680e9dbb9 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 13:28:26 +0000 Subject: [PATCH 04/10] use action in docker build --- .../build-docker-image.yaml.jinja-base | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/template/.github/reusable_workflows/build-docker-image.yaml.jinja-base b/template/.github/reusable_workflows/build-docker-image.yaml.jinja-base index 895b11d3..636c801a 100644 --- a/template/.github/reusable_workflows/build-docker-image.yaml.jinja-base +++ b/template/.github/reusable_workflows/build-docker-image.yaml.jinja-base @@ -72,9 +72,9 @@ jobs: - name: OIDC Auth for ECR if: ${{ inputs.push-role-name != 'no-push' }} - uses: aws-actions/configure-aws-credentials@{% endraw %}{{ gha_configure_aws_credentials }}{% raw %} + uses: ./.github/actions/ecr-auth with: - role-to-assume: arn:aws:iam::${{ steps.parse_ecr_url.outputs.aws_account_id }}:role/${{ inputs.push-role-name }} + role-arn: arn:aws:iam::${{ steps.parse_ecr_url.outputs.aws_account_id }}:role/${{ inputs.push-role-name }} aws-region: ${{ steps.parse_ecr_url.outputs.aws_region }} - name: Calculate hash of files in build context @@ -111,11 +111,6 @@ jobs: echo "status=notfound" >> $GITHUB_OUTPUT fi - - name: Login to Amazon ECR - if: ${{ inputs.push-role-name != 'no-push' && (steps.check-if-exists.outputs.status == 'notfound' || inputs.save-as-artifact ) }} - id: login-ecr - uses: aws-actions/amazon-ecr-login@{% endraw %}{{ gha_amazon_ecr_login }}{% raw %} - - name: Pull existing image to package as artifact if: ${{ inputs.save-as-artifact && steps.check-if-exists.outputs.status == 'found' }} run: | From 41494b4fc30c281b5cf9377a99568f2bcc2fede1 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 13:43:54 +0000 Subject: [PATCH 05/10] fix region --- template/template/.github/actions/ecr-auth/action.yml.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/template/.github/actions/ecr-auth/action.yml.jinja b/template/template/.github/actions/ecr-auth/action.yml.jinja index 64d45883..a51adfb5 100644 --- a/template/template/.github/actions/ecr-auth/action.yml.jinja +++ b/template/template/.github/actions/ecr-auth/action.yml.jinja @@ -6,7 +6,7 @@ inputs: type: string description: AWS region to use for ECR authentication required: false - default: '{% endraw %}{{ aws_central_infrastructure_account_id }}{% raw %}' + default: '{% endraw %}{{ aws_org_home_region }}{% raw %}' role-arn: type: string description: AWS IAM Role ARN to assume for ECR authentication From 0c9552eba88e23d6a23a3a52f6b666387d1c6c0b Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 13:55:29 +0000 Subject: [PATCH 06/10] bump gha --- extensions/context.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extensions/context.py b/extensions/context.py index 623d6b84..5c4d4db9 100644 --- a/extensions/context.py +++ b/extensions/context.py @@ -99,9 +99,9 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: context["gha_setup_buildx"] = "v3.11.1" context["buildx_version"] = "v0.27.0" context["gha_docker_build_push"] = "v6.18.0" - context["gha_configure_aws_credentials"] = "v5.1.1" - context["gha_amazon_ecr_login"] = "v2.0.1" - context["gha_setup_node"] = "v6.2.0" + context["gha_configure_aws_credentials"] = "v6.0.0" + context["gha_amazon_ecr_login"] = "v2.0.2" + context["gha_setup_node"] = "v6.3.0" context["gha_action_gh_release"] = "v2.2.1" context["gha_mutex"] = "1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10" context["gha_pypi_publish"] = "v1.13.0" From 752cc69e09ba73771dc8b9be05aafa69a7b34082 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 14:05:52 +0000 Subject: [PATCH 07/10] bump uv --- .devcontainer/devcontainer.json | 2 +- .devcontainer/install-ci-tooling.py | 4 ++-- extensions/context.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a25e1980..087a1a5c 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -71,5 +71,5 @@ "initializeCommand": "sh .devcontainer/initialize-command.sh", "onCreateCommand": "sh .devcontainer/on-create-command.sh", "postStartCommand": "sh .devcontainer/post-start-command.sh" - // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 66f97b1e # spellchecker:disable-line + // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): b93e7b48 # spellchecker:disable-line } diff --git a/.devcontainer/install-ci-tooling.py b/.devcontainer/install-ci-tooling.py index 8771071f..76fbb9b6 100644 --- a/.devcontainer/install-ci-tooling.py +++ b/.devcontainer/install-ci-tooling.py @@ -5,8 +5,8 @@ import subprocess import sys -UV_VERSION = "0.10.9" -COPIER_VERSION = "9.12.0" +UV_VERSION = "0.10.10" +COPIER_VERSION = "9.14.0" COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.3" PRE_COMMIT_VERSION = "4.5.1" GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin" diff --git a/extensions/context.py b/extensions/context.py index 5c4d4db9..294d6202 100644 --- a/extensions/context.py +++ b/extensions/context.py @@ -11,7 +11,7 @@ class ContextUpdater(ContextHook): @override def hook(self, context: dict[Any, Any]) -> dict[Any, Any]: # These are duplicated in the install-ci-tooling.py script in this repository - context["uv_version"] = "0.10.9" + context["uv_version"] = "0.10.10" context["pre_commit_version"] = "4.5.1" # These also in pyproject.toml context["copier_version"] = "==9.14.0" From d5681b690b082f3ad308f2c367c1bd51990f3296 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 14:08:41 +0000 Subject: [PATCH 08/10] remove type --- template/template/.github/actions/ecr-auth/action.yml.jinja | 2 -- 1 file changed, 2 deletions(-) diff --git a/template/template/.github/actions/ecr-auth/action.yml.jinja b/template/template/.github/actions/ecr-auth/action.yml.jinja index a51adfb5..e3c9b7f2 100644 --- a/template/template/.github/actions/ecr-auth/action.yml.jinja +++ b/template/template/.github/actions/ecr-auth/action.yml.jinja @@ -3,12 +3,10 @@ description: 'Use OIDC to Authenticate and login to an AWS ECR.' inputs: aws-region: - type: string description: AWS region to use for ECR authentication required: false default: '{% endraw %}{{ aws_org_home_region }}{% raw %}' role-arn: - type: string description: AWS IAM Role ARN to assume for ECR authentication required: false default: 'arn:aws:iam::{% endraw %}{{ aws_central_infrastructure_account_id }}{% raw %}:role/{% endraw %}{{ core_infra_base_access_profile_name }}{% raw %}' From d92f57ebb6c74321718ccd1358ce3bf02b3f09e9 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 14:16:08 +0000 Subject: [PATCH 09/10] remove hub --- template/template/.github/actions/ecr-auth/action.yml.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/template/.github/actions/ecr-auth/action.yml.jinja b/template/template/.github/actions/ecr-auth/action.yml.jinja index e3c9b7f2..82faf894 100644 --- a/template/template/.github/actions/ecr-auth/action.yml.jinja +++ b/template/template/.github/actions/ecr-auth/action.yml.jinja @@ -14,7 +14,7 @@ inputs: runs: using: composite steps: - - name: OIDC Auth for ECR to pull Data Hub images + - name: OIDC Auth for ECR uses: aws-actions/configure-aws-credentials@{% endraw %}{{ gha_configure_aws_credentials }}{% raw %} with: role-to-assume: ${{ inputs.role-arn }} From 69f8eeb7d85906e931ba7a901621ab242fa92520 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 16 Mar 2026 14:16:26 +0000 Subject: [PATCH 10/10] spacing --- AGENTS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index ef2eb069..07e276f3 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -12,7 +12,7 @@ - Test coverage requirements are usually at 100%, so when running a subset of tests, always disable test coverage to avoid the test run failing for insufficient coverage. - Avoid magic values in comparisons in tests in all languages (like ruff rule PLR2004 specifies) - Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. -- Avoid loops in tests — assert each item explicitly so failures pinpoint the exact element. When verifying a condition across all items in a collection, collect the violations into a list and assert it's empty (e.g., assert [x for x in items if bad_condition(x)] == []). +- Avoid loops in tests — assert each item explicitly so failures pinpoint the exact element. When verifying a condition across all items in a collection, collect the violations into a list and assert it's empty (e.g., assert [x for x in items if bad_condition(x)] == []). - Key `data-testid` selectors off unique IDs (e.g. UUIDs), not human-readable names which may collide or change. ### Python Testing