Unicorn approvals (#175)

* feat: add command to list the parameters in parameters store

* refactor: renamed UnicornPropertiesNamespace to UnicornApprovalsNamespace in shared namespace definition

* refactor: updated resolve:ssm references for  UnicornPropertiesNamespace to UnicornApprovalsNamespace across multiple templates

* refactor: rename unicorn properties to unicorn approvals

* refactor: update event bus references from UnicornProperties to UnicornApprovals in subscriptions.yaml

* refactor: update references from UnicornProperties to UnicornApprovals in dependabot configuration and unit test workflows

* chore: upgrade actions/upload-artifact from v3 to v4 in GitHub workflow

* fixed small issues

* refactor: rename properties_service to approvals_service and update related handlers and configurations

* chore: update Approvals readme

* chore: updated contracts readme

* chore: update web readme

* chore: updated main readme

* chore: upgrade actions/checkout and actions/github-script to v4 and v7 respectively in GitHub workflows

* chore: update README to reflect new build workflow and correct image tag

* chore: add GitHub Actions workflow for building Python services

* chore: add ruff installation step to GitHub Actions build workflow

* chore: modify GitHub Actions build workflow to use uv run for build and clean steps

* chore: upgrade CodeQL action versions to v3 in GitHub workflows

* chore: update cfn-lint installation step in GitHub Actions workflow to include serverless plugin

* fix: allow cfn-lint command to continue on error in Makefile

* some name changes to approvals. Moved example events to other folder for parity with TypeScript version and workshop description

* fixing unint tests

* downgrade cfn-lint serverless-rules because of an issue with v0.3.3

* Revert "downgrade cfn-lint serverless-rules because of an issue with v0.3.3"

This reverts commit f383b3d.

* chore: update architecture diagram

* refactor: update event source and rule names to use 'unicorn.approvals'

* refactor: renames ApprovalService to PublicationManagerService for handling publication approval requests and events

* fix: remove error suppression for cfn-lint command. Removed uv build-system configuration for Approvals and Contracts

* fix: update import path for request approval function to use PublicationManagerService

* chore: minor update to readme file

* chore: updated approvals readme

* chore: updated bus name in test events

* chore: updated readme and spelling mistakes

* chore: bumped dependencies

* fix: syncing templates

---------

Co-authored-by: Marco Buss <[email protected]>

Author: sliedig

.github/dependabot.yml

@@ -8,7 +8,7 @@ updates:
   - package-ecosystem: "pip" # See documentation for possible values
     directories: 
       - "unicorn_contracts" # Location of package manifests
-      - "unicorn_properties"
+      - "unicorn_approvals"
       - "unicorn_web"
     schedule:
       interval: "weekly"

.github/workflows/auto_assign.yml

@@ -7,4 +7,4 @@ jobs:
   add-reviews:
     runs-on: ubuntu-latest
     steps:
-      - uses: kentaro-m/auto-assign-action@v1.2.5
+      - uses: kentaro-m/auto-assign-action@v2.0.0

.github/workflows/build.yml

@@ -0,0 +1,80 @@
+name: Build Python Services
+
+on:
+  push:
+    branches: [develop, main]
+    paths:
+      - 'unicorn_contracts/**'
+      - 'unicorn_approvals/**'
+      - 'unicorn_web/**'
+  pull_request:
+    branches: [develop, main]
+    paths:
+      - 'unicorn_contracts/**'
+      - 'unicorn_approvals/**'
+      - 'unicorn_web/**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        service: [unicorn_contracts, unicorn_approvals, unicorn_web]
+        include:
+          - service: unicorn_contracts
+            display_name: Unicorn Contracts Service
+          - service: unicorn_approvals
+            display_name: Unicorn Approvals Service
+          - service: unicorn_web
+            display_name: Unicorn Web Service
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.12
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: 0.7.8
+
+      - name: Install AWS SAM CLI
+        uses: aws-actions/setup-sam@v2
+
+      - name: Install cfn-lint and plugins
+        run: |
+          pip install cfn-lint
+          pip install cfn-lint-serverless
+
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod a+x /usr/local/bin/yq
+
+      - name: Initialize dependencies for ${{ matrix.display_name }}
+        run: make ci_init
+        working-directory: ./${{ matrix.service }}
+
+      - name: Build ${{ matrix.display_name }}
+        run: |
+          # Use uv run to ensure all commands run in the virtual environment
+          uv run make build
+        working-directory: ./${{ matrix.service }}
+        env:
+          DOCKER_OPTS: --use-container
+
+      - name: Upload build artifacts for ${{ matrix.display_name }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.service }}-build-artifacts
+          path: ${{ matrix.service }}/.aws-sam/
+          retention-days: 7
+
+      - name: Clean up ${{ matrix.display_name }}
+        run: uv run make clean
+        working-directory: ./${{ matrix.service }}
+        if: always() 

.github/workflows/codeql-analysis.yml

@@ -25,18 +25,18 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63  #v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     # - name: Autobuild
-    #   uses: github/codeql-action/autobuild@2ca79b6fa8d3ec278944088b4aa5f46912db5d63  #v2
+    #   uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -49,4 +49,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63  #v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/label_pr_on_title.yml

@@ -22,9 +22,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: "Label PR based on title"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}
           PR_TITLE: ${{ needs.get_pr_details.outputs.prTitle }}

.github/workflows/on_label_added.yml

@@ -23,10 +23,10 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       # Maintenance: Persist state per PR as an artifact to avoid spam on label add
       - name: "Suggest split large Pull Request"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}
           PR_ACTION: ${{ needs.get_pr_details.outputs.prAction }}

.github/workflows/on_merged_pr.yml

@@ -20,9 +20,9 @@ jobs:
     runs-on: ubuntu-latest
     if: needs.get_pr_details.outputs.prIsMerged == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Label PR related issue for release"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}
           PR_BODY: ${{ needs.get_pr_details.outputs.prBody }}

.github/workflows/on_opened_pr.yml

@@ -19,9 +19,9 @@ jobs:
     needs: get_pr_details
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Ensure related issue is present"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           PR_BODY: ${{ needs.get_pr_details.outputs.prBody }}
           PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}
@@ -36,9 +36,9 @@ jobs:
     needs: get_pr_details
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Ensure acknowledgement section is present"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           PR_BODY: ${{ needs.get_pr_details.outputs.prBody }}
           PR_NUMBER: ${{ needs.get_pr_details.outputs.prNumber }}

.github/workflows/record_pr.yml

@@ -9,14 +9,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Extract PR details"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const script = require('.github/scripts/save_pr_details.js')
             await script({github, context, core})
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: pr
           path: pr.txt

.github/workflows/reusable_export_pr_details.yml

@@ -59,9 +59,9 @@ jobs:
       prIsMerged: ${{ steps.prIsMerged.outputs.prIsMerged }}
     steps:
       - name: Checkout repository # in case caller workflow doesn't checkout thus failing with file not found
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: "Download previously saved PR"
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         env:
           WORKFLOW_ID: ${{ inputs.record_pr_workflow_id }}
         # For security, we only download artifacts tied to the successful PR recording workflow