Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
d92093a
add alerts module, import module and update vars wip
mwirikia Apr 13, 2026
c310d0b
update ci yml and dockerfile dependencies wip
mwirikia Apr 13, 2026
9dc5052
add module tag and multistage Dockerfile build wip
mwirikia Apr 13, 2026
f263e28
add GH token to build wip
mwirikia Apr 13, 2026
a91b2aa
no poetry needed wip
mwirikia Apr 13, 2026
ccb464f
add GH to ci.yml wip
mwirikia Apr 13, 2026
2d85abf
update build image sh to use GH token wip
mwirikia Apr 13, 2026
48d8e5c
update Dockerfile wip
mwirikia Apr 13, 2026
73790c3
update module name wip
mwirikia Apr 13, 2026
1bc2afe
test alert on user login works wip
mwirikia Apr 13, 2026
1f691a7
test alert wip
mwirikia Apr 13, 2026
0fc80be
update var wip
mwirikia Apr 13, 2026
44e6deb
update syspath for python builder
mwirikia Apr 13, 2026
51f126f
update req wip
mwirikia Apr 13, 2026
4ff7011
missing keyword wip
mwirikia Apr 13, 2026
4acf36a
update iam role wip
mwirikia Apr 13, 2026
7baa1cb
test alert from TATAPI wip
mwirikia Apr 13, 2026
0569f66
test alert wip
mwirikia Apr 13, 2026
d247fef
get env in app wip
mwirikia Apr 13, 2026
81b51f5
add aws acc name var
mwirikia Apr 13, 2026
077b2d3
Refactor Dockerfile and enhance error handling in resources and utils…
mwirikia Apr 22, 2026
e232193
Refactor API response serialization and enhance testing setup; add Te…
mwirikia Apr 22, 2026
d579b1a
Update documentation and improve API responses; enhance testing setup…
mwirikia Apr 22, 2026
486fb20
Merge branch 'main' into keh-1823_add_teams_alert
mwirikia Apr 22, 2026
a665e4e
Enhance Teams alert integration and error handling; update documentat…
mwirikia Apr 22, 2026
6edf943
Add GitHub authentication configuration for git dependencies in CI wo…
mwirikia Apr 22, 2026
ef92a22
Update CI workflow to install Poetry 2.3.2 and configure system git c…
mwirikia Apr 22, 2026
7377e90
Update content hash in poetry.lock for dependency resolution
mwirikia Apr 22, 2026
4b0518c
Refactor CI workflow to remove private alert dependency and streamlin…
mwirikia Apr 22, 2026
eff6440
Potential fix for pull request finding
mwirikia Apr 27, 2026
f159340
Refactor CI workflow to remove private alert dependency and update de…
mwirikia Apr 29, 2026
3569c8c
Add aws_account_name variable for Lambda runtime and update documenta…
mwirikia Apr 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Install Poetry
run: pipx install poetry==1.7.1
run: pipx install poetry==2.3.2

- name: Set up Python
uses: actions/setup-python@v5
Expand All @@ -37,10 +37,10 @@ jobs:
run: python -c "import sys; print(sys.version)"

- name: Install dependencies
run: make install-dev
run: poetry install --with dev --without alerts --no-root

- name: Lint Python
run: make lint

- name: Cleanup residue file
run: make clean
run: make clean
67 changes: 28 additions & 39 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,15 +86,16 @@ poetry run flask --app app run --port=8000

This repo utilises PyTest for the testing. Please make sure you have installed dev dependencies before running tests.

To test you need a mock token. Visit the Cognito UI with the redirect URL set to your local environment. Once successully logged in, copy the `id_token`.
Local tests now mock AWS Secrets Manager, Cognito settings and Teams alert configuration in `testing/conftest.py`, so a real AWS session or Cognito token is not required for `pytest`.

Then import the token into your environment and set the email of the user you want to test with:
If you want to override the default mocked user in tests, set:

```bash
export MOCK_TOKEN=<id_token>
export MOCK_USER_EMAIL=<email>
```

`MOCK_TOKEN` is optional for local tests and defaults to `local-test-token`.

Make sure dev dependencies are installed:
```bash
make install-dev
Expand All @@ -105,8 +106,6 @@ When in root directory, run the testing command. If you are in `aws_lambda_scrip
make pytest
```

If all tests fail, please relogin to the Cognito and use a new token.

Once you have finished testing, clean the temp files with:
```bash
make clean
Expand All @@ -116,7 +115,7 @@ make clean

View the Postman workspace for this project [here](https://www.postman.com/science-pilot-55892832/workspace/keh-tech-audit-tool-api/collection/38871441-e42f661e-6430-4f46-8182-083e9e0fd4ad?action=share&creator=38871441&active-environment=38871441-7c5e3795-74f5-46b3-9034-637561aba746).

Please read the description or README to understand how to use this workspace. You need to get a mock_token to authenticate yourself in each request.
Please read the description or README to understand how to use this workspace. Postman requests still require a real Cognito ID token in the `Authorization` header.

## MkDocs Documentation

Expand Down Expand Up @@ -152,7 +151,7 @@ This will build the MkDocs documentation and deploy it to the `gh-pages` branch

## API Reference

Before testing the API, you need to use the above instructions at **Testing** to get a mock token, as all requests need to be authenticated.
Before calling the API manually, use a valid Cognito ID token in the `Authorization` header. Local `pytest` runs mock authentication automatically.

| Header | Type | Description |
| :-------- | :------- | :------------------------- |
Expand Down Expand Up @@ -185,7 +184,7 @@ can be used multiple times to get a new id_token.
GET /api/v1/projects
```

Get's the projects associated with the users email.
Gets all projects currently stored by the API.

### Get a specific user project

Expand All @@ -198,7 +197,7 @@ GET /api/v1/projects/<project_name>
| `<project_name>` | `string` | **Required**. The project you want to get |


Get's a specific project from the user.
Gets a specific project by name.

### Create a new project

Expand Down Expand Up @@ -229,7 +228,7 @@ Send JSON in this format:
"project_description": "Description"
}]
,
"developed": ["In-house", []],
"developed": ["In-house"],
"source_control": [
{
"type": "GitHub",
Expand Down Expand Up @@ -280,51 +279,46 @@ Send JSON in this format:
}
},
"stage":"Development",
"project_dependencies":[
{
"name": "string",
"description": "string"
}
],
"supporting_tools": {
"code_editors": {
"main": [],
"others": [
"List of strings"
]
},
"ui_tools": {
"user_interface": {
"main": [],
"others": [
"List of strings"
]
},
"diagram_tools": {
"diagrams": {
"main": [],
"others": [
"List of strings"
]
},
"project_tracking_tools": "string",
"documentation_tools": {
"project_tracking": "string",
"documentation": {
"main": [],
"others": [
"List of strings"
]
},
"communication_tools": {
"communication": {
"main": [],
"others": [
"List of strings"
]
},
"collaboration_tools": {
"collaboration": {
"main": [],
"others": [
"List of strings"
]
},
"incident_management": "string"
"incident_management": "string",
"miscellaneous": []
}
}
```
Expand All @@ -351,9 +345,9 @@ GET /api/v1/projects/filter
| `<return>` | `string` | What you want returned from the project. Multiple return filter seperated by a comma (,) |


Get's projects using a filter.
Gets projects using one or more query filters.

Filter can be one or more of: email, roles, name, developed, source_control, hosting, database, languages, frameworks, cicd, infrastructure.
Filter can be one or more of: email, roles, name, developed, source_control, hosting, database, languages, frameworks, cicd, environments, infrastructure, publishing.

Return can be one or more of: user, details, developed, source_control, architecture.

Expand Down Expand Up @@ -392,7 +386,7 @@ Send JSON in this format:
"project_description": "Description"
}]
,
"developed": ["In-house", []],
"developed": ["In-house"],
"source_control": [
{
"type": "GitHub",
Expand Down Expand Up @@ -443,51 +437,46 @@ Send JSON in this format:
}
},
"stage":"Development",
"project_dependencies":[
{
"name": "string",
"description": "string"
}
],
"supporting_tools": {
"code_editors": {
"main": [],
"others": [
"List of strings"
]
},
"ui_tools": {
"user_interface": {
"main": [],
"others": [
"List of strings"
]
},
"diagram_tools": {
"diagrams": {
"main": [],
"others": [
"List of strings"
]
},
"project_tracking_tools": "string",
"documentation_tools": {
"project_tracking": "string",
"documentation": {
"main": [],
"others": [
"List of strings"
]
},
"communication_tools": {
"communication": {
"main": [],
"others": [
"List of strings"
]
},
"collaboration_tools": {
"collaboration": {
"main": [],
"others": [
"List of strings"
]
},
"incident_management": "string"
"incident_management": "string",
"miscellaneous": []
}
}
```
Expand Down
45 changes: 31 additions & 14 deletions aws_lambda_script/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,23 +1,40 @@
# Use an official Python runtime as a parent image
FROM python:3.12-slim AS builder
WORKDIR /build

RUN apt-get update && apt-get install -y --no-install-recommends git \
&& rm -rf /var/lib/apt/lists/*

RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

COPY requirements.txt .
RUN pip install --no-cache-dir --upgrade pip setuptools wheel
# Github token needed to install Github private dependencies, then token deleted.
RUN --mount=type=secret,id=github_token \
Comment thread
mwirikia marked this conversation as resolved.
set -e; \
if [ -f /run/secrets/github_token ]; then \
GITHUB_TOKEN="$(cat /run/secrets/github_token)"; \
git config --global url."https://${GITHUB_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"; \
fi; \
pip install --no-cache-dir -r requirements.txt; \
rm -f /root/.gitconfig 2>/dev/null || true

# Stage 2: runtime (Lambda base)
FROM public.ecr.aws/lambda/python:3.12
# Set the working directory in the container
WORKDIR /var/task
# Upgrade tooling and awslambdaric
RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
pip install --no-cache-dir --upgrade awslambdaric
# Create a non-root user and group manually
RUN mkdir -p /home/appuser && \
chown -R 1000:1000 /home/appuser
# Copy the requirements.txt first to leverage Docker's cache for dependencies
COPY requirements.txt .
# Install the dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Copy the app folder (with your Flask app) and the lambda_handler.py

# Copy dependencies into /var/task so Lambda always imports them
COPY --from=builder /opt/venv/lib/python3.12/site-packages/ /var/task/

# Ensure /var/task is on sys.path
ENV PYTHONPATH="/var/task:${PYTHONPATH}"

COPY app/ /var/task/app/
COPY main.py /var/task/

# Change ownership of the application files to the non-root user
RUN chown -R 1000:1000 /var/task
# Switch to non-root user
USER 1000
# The CMD specifies the handler to use in AWS Lambda

CMD ["main.lambda_handler"]
Loading
Loading