Merge branch 'develop' v0.4.0

Author: Bob Strahan

.github/workflows/developer-tests.yml

@@ -0,0 +1,120 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT-0
+
+name: Developer Tests
+
+on:
+  pull_request:
+    branches:
+      - "**" # Run on PR open, update, or synchronize (i.e., any push to PR branch)
+
+# Global timeout for all jobs
+# Note: GitHub Actions uses minutes, GitLab uses duration strings
+jobs:
+  developer_tests:
+    name: Lint, Type Check, and Test
+    runs-on: ubuntu-latest
+    timeout-minutes: 120 # 2 hours
+
+    # Use Python 3.13 to match GitLab configuration
+    container:
+      image: python:3.13-bookworm
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetch all history for git diff in typecheck-pr
+
+      - name: Set up Git safe directory
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.base_ref || 'main' }}:refs/remotes/origin/${{ github.base_ref || 'main' }}
+          git branch -a
+
+      - name: Set up environment
+        run: |
+          python --version
+          apt-get update -y
+          apt-get install make curl -y
+
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Create virtual environment
+        run: |
+          uv venv .venv
+          echo "$GITHUB_WORKSPACE/.venv/bin" >> $GITHUB_PATH
+
+      - name: Install Node.js and basedpyright
+        run: |
+          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+          apt-get install -y nodejs
+          npm install -g basedpyright
+
+      - name: Install Python dependencies
+        run: |
+          uv pip install ruff
+          uv pip install typer rich boto3
+          cd lib/idp_common_pkg && uv pip install -e ".[test]" && cd ../..
+
+      - name: Run linting checks
+        run: make lint-cicd
+
+      - name: Run type checking
+        run: |
+          TARGET_BRANCH="${{ github.base_ref }}"
+          echo "=== Type Checking Configuration ==="
+          echo "PR target branch (github.base_ref): $TARGET_BRANCH"
+          echo "Comparing: origin/$TARGET_BRANCH...HEAD"
+          echo "===================================="
+          echo ""
+
+          make typecheck-pr TARGET_BRANCH="$TARGET_BRANCH"
+
+      - name: Run tests
+        id: run-tests
+        run: make test-cicd -C lib/idp_common_pkg
+        continue-on-error: false
+
+      - name: Upload coverage reports
+        uses: actions/upload-artifact@v4
+        if: always() && steps.run-tests.outcome != 'skipped'
+        with:
+          name: test-reports
+          path: |
+            lib/idp_common_pkg/test-reports/coverage.xml
+            lib/idp_common_pkg/test-reports/test-results.xml
+          retention-days: 7
+
+      - name: Publish test results
+        uses: EnricoMi/publish-unit-test-result-action@v2
+        if: always() && hashFiles('lib/idp_common_pkg/test-reports/test-results.xml') != ''
+        with:
+          files: lib/idp_common_pkg/test-reports/test-results.xml
+          check_name: Test Results
+
+      - name: Code Coverage Report
+        uses: irongut/CodeCoverageSummary@v1.3.0
+        if: always() && hashFiles('lib/idp_common_pkg/test-reports/coverage.xml') != ''
+        with:
+          filename: lib/idp_common_pkg/test-reports/coverage.xml
+          badge: true
+          fail_below_min: false
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+          thresholds: "60 80"
+
+      # Note: PR comments disabled for fork PRs due to permission restrictions
+      # Coverage results are available in:
+      # 1. Workflow artifacts (test-reports)
+      # 2. Job summary (automatically generated by CodeCoverageSummary)
+      # 3. GitHub checks tab

.gitignore

@@ -23,4 +23,12 @@ notebooks/examples/data
 .idea/
 .dsr/
 *tmp-dev-assets*
-scratch/
+scratch/
+
+# Node.js / npm
+node_modules/
+package-lock.json
+
+# Type checking
+pyrightconfig.temp.json
+.pyright/

.gitlab-ci.yml

@@ -26,22 +26,42 @@ stages:
 developer_tests:
   stage: developer_tests
   rules:
-    - when: always  # Run on all branches
-  
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: always # Only run on merge requests (PRs), not on merged branches
+
   before_script:
     - python --version
     - apt-get update -y
-    - apt-get install make -y
-    - pip install ruff
+    - apt-get install make curl git -y
+    # Fetch target branch for comparison in typecheck-pr
+    - export TARGET_BRANCH="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-main}"
+    - echo "MR target branch (CI_MERGE_REQUEST_TARGET_BRANCH_NAME):$TARGET_BRANCH"
+    - git fetch origin $TARGET_BRANCH:$TARGET_BRANCH || echo "Could not fetch $TARGET_BRANCH branch"
+    # Install uv
+    - pip install uv
+    # Create virtual environment
+    - uv venv .venv
+    - source .venv/bin/activate
+    # Install Node.js and npm for basedpyright
+    - curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+    - apt-get install -y nodejs
+    - npm install -g basedpyright
+    - uv pip install ruff
     # Install dependencies needed by publish.py for test imports
-    - pip install typer rich boto3
+    - uv pip install typer rich boto3
     # Install test dependencies
-    - cd lib/idp_common_pkg && pip install -e ".[test]" && cd ../..
+    - cd lib/idp_common_pkg && uv pip install -e ".[test]" && cd ../..
 
   script:
     - make lint-cicd
+    - echo "=== Type Checking Configuration ==="
+    - echo "MR target branch:$TARGET_BRANCH"
+    - echo "Comparing:$TARGET_BRANCH...HEAD"
+    - echo "===================================="
+    - echo ""
+    - make typecheck-pr TARGET_BRANCH=$TARGET_BRANCH
     - make test-cicd -C lib/idp_common_pkg
-  
+
   artifacts:
     paths:
       - lib/idp_common_pkg/test-reports/coverage.xml
@@ -53,6 +73,25 @@ developer_tests:
       junit: lib/idp_common_pkg/test-reports/test-results.xml
     expire_in: 1 week
 
+deployment_validation:
+  stage: deployment_validation
+  rules:
+    - when: on_success
+
+  before_script:
+    - apt-get update -y
+    - apt-get install curl unzip python3-pip -y
+    # Install AWS CLI
+    - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+    - unzip awscliv2.zip
+    - ./aws/install
+    # Install PyYAML for template analysis
+    - pip install PyYAML
+
+  script:
+    # Check if service role has sufficient permissions for main stack deployment
+    - python3 scripts/validate_service_role_permissions.py
+
 integration_tests:
   stage: integration_tests
   timeout: 2h
@@ -61,9 +100,8 @@ integration_tests:
   #   AWS_CREDS_TARGET_ROLE: ${AWS_CREDS_TARGET_ROLE}
   #   AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
   #   IDP_ACCOUNT_ID: ${IDP_ACCOUNT_ID}
-  
- # Add rules to only run on develop branch
- # Add rules to only run on develop branch
+
+  # Add rules to only run on develop branch
   rules:
     - if: $CI_COMMIT_BRANCH == "develop"
       when: on_success
@@ -78,44 +116,23 @@ integration_tests:
     - when: manual
 
   before_script:
-    - python --version
     - apt-get update -y
-    - apt-get install zip unzip curl make -y
-       
-    # Install Poetry
-    - curl -sSL https://install.python-poetry.org | python3 -
-    - export PATH="/root/.local/bin:$PATH"
-    - poetry --version
-
+    - apt-get install zip unzip curl python3-pip -y
     # Install AWS CLI
     - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
     - unzip awscliv2.zip
     - ./aws/install
+    # Install boto3 for Python script
+    - pip install boto3
 
   script:
     - aws --version
     - aws sts get-caller-identity --no-cli-pager
-    - cd ./scripts/sdlc/idp-cli
-    - poetry install
-    - make put
-    - make wait
-
-deployment_validation:
-  stage: deployment_validation
-  rules:
-    - when: on_success
 
-  before_script:
-    - apt-get update -y
-    - apt-get install curl unzip python3-pip -y
-    # Install AWS CLI
-    - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-    - unzip awscliv2.zip
-    - ./aws/install
-    # Install PyYAML for template analysis
-    - pip install PyYAML
+    # Set environment variables for Python script
+    - export IDP_ACCOUNT_ID=${IDP_ACCOUNT_ID:-020432867916}
+    - export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
+    - export IDP_PIPELINE_NAME=idp-sdlc-deploy-pipeline
 
-  script:
-    # Check if service role has sufficient permissions for main stack deployment
-    - python3 scripts/validate_service_role_permissions.py
-  
+    # Run integration test deployment
+    - python3 scripts/integration_test_deployment.py

.python-version

@@ -0,0 +1 @@
+3.12