Skip to content

Release v10.5.1#2770

Merged
asjohnston-asf merged 62 commits intomainfrom
develop
May 23, 2025
Merged

Release v10.5.1#2770
asjohnston-asf merged 62 commits intomainfrom
develop

Conversation

@asjohnston-asf
Copy link
Copy Markdown
Member

@asjohnston-asf asjohnston-asf commented May 23, 2025
edited
Loading

TODO

  • update MONTHLY_BUDGET secret value for hyp3-edc-prod environment

jtherrmann and others added 30 commits January 27, 2025 14:32
@jtherrmann
rough draft of deployment steps
763066f
@jtherrmann
move ASF and JPL deployment docs
3bbc35e
@jtherrmann
incorporate ASF and JPL steps into new deployment docs
ab16d6b
@jtherrmann
Merge branch 'develop' into deployment-docs
93f3ccd
@jtherrmann
move deployment.md contents to README
8dddd7f
@jtherrmann
move cicd-stack/ back to docs/deployments/
9f72b3a
@jtherrmann
move ASF-specific steps to README
662b56f
@jtherrmann
move JPL deployment steps to README, delete empty ASF-deployment.md
a294bb6
@jtherrmann
move cicd stack templates
6669942
@jtherrmann
wording
987828f
@jtherrmann
Merge branch 'develop' into deployment-docs
f447ef3
@jhkennedy
Add alerts/admotions and collapsing sections
6167df7
@jhkennedy
fixes
919cf64
@jhkennedy
tweak wording
26e51ae
@jhkennedy
encourage branch protection
8e18b15
@jhkennedy
fix alerts
6a38572
@jtherrmann
Merge branch 'deployment-docs' into jhk-deploy-docs
6378738
@jtherrmann
Merge branch 'develop' into deployment-docs
99bac24
@jtherrmann
Merge branch 'deployment-docs' into jhk-deploy-docs
ff7bc0a
@jtherrmann
Merge branch 'develop' into deployment-docs
be3bbc4
@jtherrmann
Merge branch 'deployment-docs' into jhk-deploy-docs
307d6f0
@dependabot
Bump cfn-lint from 1.34.2 to 1.35.1
5e65a3c 
Bumps [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.34.2 to 1.35.1.
- [Release notes](https://github.com/aws-cloudformation/cfn-lint/releases)
- [Changelog](https://github.com/aws-cloudformation/cfn-lint/blob/main/CHANGELOG.md)
- [Commits](aws-cloudformation/cfn-lint@v1.34.2...v1.35.1)

---
updated-dependencies:
- dependency-name: cfn-lint
  dependency-version: 1.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump boto3 from 1.38.9 to 1.38.14
855c050 
Bumps [boto3](https://github.com/boto/boto3) from 1.38.9 to 1.38.14.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.38.9...1.38.14)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.38.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump ruff from 0.11.8 to 0.11.9
ab4107d 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.8 to 0.11.9.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.8...0.11.9)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump flask from 3.1.0 to 3.1.1
73110d2 
Bumps [flask](https://github.com/pallets/flask) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.0...3.1.1)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@jtherrmann
Merge pull request #2759 from ASFHyP3/dependabot/pip/ruff-0.11.9
0c6ed6b 
Bump ruff from 0.11.8 to 0.11.9
@jtherrmann
Merge pull request #2758 from ASFHyP3/dependabot/pip/boto3-1.38.14
5bcc1d9 
Bump boto3 from 1.38.9 to 1.38.14
@jtherrmann
Merge pull request #2757 from ASFHyP3/dependabot/pip/cfn-lint-1.35.1
cef21cb 
Bump cfn-lint from 1.34.2 to 1.35.1
@jtherrmann
Merge pull request #2760 from ASFHyP3/dependabot/pip/flask-3.1.1
d674440 
Bump flask from 3.1.0 to 3.1.1
@dependabot
Bump setuptools from 80.3.1 to 80.4.0
18768ab 
Bumps [setuptools](https://github.com/pypa/setuptools) from 80.3.1 to 80.4.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v80.3.1...v80.4.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 80.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
jtherrmann and others added 22 commits May 19, 2025 11:47
@jtherrmann
Merge branch 'deployment-docs' into jhk-deploy-docs
cc53d94
@dependabot
Bump ruff from 0.11.9 to 0.11.10
527f058 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.9 to 0.11.10.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.9...0.11.10)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump cryptography from 44.0.3 to 45.0.2
2623dce 
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.3 to 45.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.3...45.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump shapely from 2.0.7 to 2.1.1
0b54b61 
Bumps [shapely](https://github.com/shapely/shapely) from 2.0.7 to 2.1.1.
- [Release notes](https://github.com/shapely/shapely/releases)
- [Changelog](https://github.com/shapely/shapely/blob/main/CHANGES.txt)
- [Commits](shapely/shapely@2.0.7...2.1.1)

---
updated-dependencies:
- dependency-name: shapely
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump boto3 from 1.38.14 to 1.38.19
664baa9 
Bumps [boto3](https://github.com/boto/boto3) from 1.38.14 to 1.38.19.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.38.14...1.38.19)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.38.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jtherrmann
Merge pull request #2603 from ASFHyP3/jhk-deploy-docs
6d8a46a 
Tweak the updated deployment docs
@jtherrmann
finish moving stuff from enterprise deployment dev docs article
6dca224
@jtherrmann
Merge pull request #2763 from ASFHyP3/dependabot/github_actions/ASFHy…
06ac2a6 
…P3/actions-0.19.0

Bump ASFHyP3/actions from 0.18.1 to 0.19.0
@jtherrmann
Merge pull request #2764 from ASFHyP3/dependabot/pip/ruff-0.11.10
8653523 
Bump ruff from 0.11.9 to 0.11.10
@jtherrmann
Merge pull request #2767 from ASFHyP3/dependabot/pip/boto3-1.38.19
c550cd6 
Bump boto3 from 1.38.14 to 1.38.19
@jtherrmann
move deployment deletion steps
1036bb4
@jtherrmann
tweaks based on final proofread
9493fc5
@jtherrmann
Merge branch 'develop' into deployment-docs
9d5e05c
@jtherrmann @jhkennedy
Update README.md
3c803bb 
Co-authored-by: Joseph H Kennedy <me@jhkennedy.org>
@jtherrmann
Merge pull request #2579 from ASFHyP3/deployment-docs
046225c 
Update deployment docs
@jtherrmann
Merge pull request #2766 from ASFHyP3/dependabot/pip/shapely-2.1.1
e1c6f79 
Bump shapely from 2.0.7 to 2.1.1
@jtherrmann
Merge pull request #2765 from ASFHyP3/dependabot/pip/cryptography-45.0.2
060d544 
Bump cryptography from 44.0.3 to 45.0.2
@jtherrmann
Merge pull request #2762 from ASFHyP3/dependabot/pip/flask-cors-6.0.0
07a108c 
Bump flask-cors from 5.0.1 to 6.0.0
@asjohnston-asf
increase vcpus in edc-prod deployment
31801fd
@jtherrmann
Update CHANGELOG.md
5f2e21b
@asjohnston-asf
Merge pull request #2769 from ASFHyP3/deployment-docs-changelog
87ff7ac 
deployment docs changelog entry
@asjohnston-asf
Merge pull request #2768 from ASFHyP3/edc-scaling
389338c 
increase vcpus in edc-prod deployment
@asjohnston-asf asjohnston-asf requested review from a team as code owners May 23, 2025 00:03
@asjohnston-asf asjohnston-asf added the patch Bump the patch version number of this project label May 23, 2025
github-advanced-security[bot]
github-advanced-security AI found potential problems May 23, 2025
View reviewed changes
Comment thread .github/workflows/changelog.yml
jobs:
call-changelog-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 11 months ago

To fix the issue, we will add a permissions block at the root level of the workflow. This block will specify the minimal permissions required for the workflow to function. Since the workflow is related to checking changelogs, it likely only needs contents: read permission to access repository contents. This change ensures that the GITHUB_TOKEN has restricted access, reducing the risk of unintended actions.

Suggested changeset 1
.github/workflows/changelog.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -2,2 +2,5 @@
 
+permissions:
+  contents: read
+
 on:
EOF
@@ -2,2 +2,5 @@

permissions:
contents: read

on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Comment thread .github/workflows/labeled-pr.yml
jobs:
call-labeled-pr-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 11 months ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will specify the minimal permissions required for the workflow to function. Based on the context, the workflow likely only needs contents: read permissions, as it is checking labels on pull requests and does not appear to modify repository contents or perform other write operations.

Suggested changeset 1
.github/workflows/labeled-pr.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/labeled-pr.yml b/.github/workflows/labeled-pr.yml
--- a/.github/workflows/labeled-pr.yml
+++ b/.github/workflows/labeled-pr.yml
@@ -2,2 +2,5 @@
 
+permissions:
+  contents: read
+
 on:
EOF
@@ -2,2 +2,5 @@

permissions:
contents: read

on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 23, 2025
edited by jtherrmann
Loading

Developer checklist

  • Indicated the level of changes to this package by affixing one of these labels:
    • major -- Major changes to the API that may break current workflows
    • minor -- Minor changes to the API that do not break current workflows
    • patch -- Patches and bugfixes for the current version that do not break current workflows
    • bumpless -- Changes to documentation, CI/CD pipelines, etc. that don't affect the software's version
  • (If applicable) Updated the dependencies and indicated any downstream changes that are required
  • Added/updated documentation for these changes
  • Added/updated tests for these changes
  • Verified changes in test deployment and summarized results, e.g. in PR description or comments on the related issue(s)
  • If the step function code has changed, have you drained the job queue before merging?
    • For example, if the interface for a Lambda function has changed to expect different input,
      then currently running jobs (which use the old step function definition) will call the new
      function with the old input. So we must drain the job queue before deployment, so that the new
      function is only called by the new step function definition.

Reviewer checklist

  • Have all dependencies been updated?
  • Is the level of changes labeled appropriately?
  • Are all the changes described appropriately in CHANGELOG.md?
  • Has the documentation been adequately updated?
  • Are the tests adequate?
  • Have the changes been verified in the test deployment?

@asjohnston-asf asjohnston-asf merged commit 0d58da5 into main May 23, 2025
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jtherrmann jtherrmann jtherrmann approved these changes

Assignees

No one assigned

Labels

patch Bump the patch version number of this project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@asjohnston-asf @jtherrmann @github-advanced-security @jhkennedy