ASFHyP3 · jtherrmann · Jan 8, 2025 · Dec 17, 2024 · Dec 17, 2024 · Dec 18, 2024
@@ -13,4 +13,4 @@
 
 jobs:
   call-changelog-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.13.2
@@ -6,10 +6,10 @@
 
 jobs:
   call-create-jira-issue-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.13.2
     secrets:
       JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
       JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
      JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
      JIRA_PROJECT: ${{ secrets.JIRA_PROJECT }}
      JIRA_FIELDS: ${{ secrets.JIRA_FIELDS }}
@@ -53,6 +53,7 @@ jobs:
               job_spec/INSAR_GAMMA.yml
               job_spec/RTC_GAMMA.yml
               job_spec/INSAR_ISCE_BURST.yml
+              job_spec/OPERA_DISP_TMS.yml
             instance_types: r6id.xlarge,r6id.2xlarge,r6id.4xlarge,r6id.8xlarge,r6idn.xlarge,r6idn.2xlarge,r6idn.4xlarge,r6idn.8xlarge
             default_max_vcpus: 1500
             expanded_max_vcpus: 3000
@@ -77,7 +78,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
 
       - uses: ./.github/actions/deploy-hyp3
         if: github.ref == matrix.deploy_ref
@@ -111,6 +112,6 @@ jobs:
   call-bump-version-workflow:
     if: github.ref == 'refs/heads/main'
     needs: deploy
-    uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.13.2
     secrets:
       USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}
@@ -113,7 +113,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
 
       - uses: ./.github/actions/deploy-hyp3
         with:

@@ -270,7 +270,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
 
       - uses: ./.github/actions/deploy-hyp3
         with:

@@ -54,7 +54,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
 
       - uses: ./.github/actions/deploy-hyp3
         with:

@@ -12,4 +12,4 @@
 
 jobs:
   call-labeled-pr-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.13.2
@@ -7,7 +7,7 @@ on:
 
 jobs:
   call-release-checklist-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.13.2
     permissions:
       pull-requests: write
     with:

@@ -7,8 +7,8 @@
 
 jobs:
   call-release-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.13.2
     with:
       release_prefix: HyP3
     secrets:
      USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}
@@ -1,11 +1,17 @@
 name: Static code analysis
 
+permissions:
+  contents: read
+
 on: push
 
 jobs:
   call-ruff-workflow:
     # Docs: https://github.com/ASFHyP3/actions
-    uses: ASFHyP3/actions/.github/workflows/[email protected]
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
+
+  call-mypy-workflow:
+    uses: ASFHyP3/actions/.github/workflows/[email protected]
 
   cfn-lint:
     runs-on: ubuntu-latest
@@ -17,7 +23,7 @@ jobs:
       - uses: actions/[email protected]
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
       - run: |
           python -m pip install --upgrade pip
           make install
@@ -31,7 +37,7 @@ jobs:
       - uses: actions/[email protected]
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
       - run: |
           python -m pip install --upgrade pip
           make install
@@ -48,7 +54,7 @@ jobs:
       - run: gem install statelint
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
       - run: |
           python -m pip install --upgrade pip
           make install
@@ -65,7 +71,7 @@ jobs:
       - uses: snyk/actions/[email protected]
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
       - run: |
           python -m pip install --upgrade pip
           make install
@@ -78,4 +84,4 @@ jobs:
           snyk iac test --severity-threshold=high
 
   call-secrets-analysis-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.12.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.13.2
@@ -11,7 +11,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: 3.13
 
       - run: |
           python -m pip install --upgrade pip

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [9.2.0]
+
+### Added
+- Add `mypy` to [`static-analysis`](.github/workflows/static-analysis.yml) workflow
+- `OPERA_DISP_TMS` job type is now available in EDC UAT deployment
+
+### Changed
+- Upgrade to Python 3.13
+
+### Removed
+- Remove `hyp3-opera-disp-sandbox` deployment
+
 ## [9.1.1]
 
 ### Changed

@@ -71,7 +71,7 @@ From the repository root,
 make install
 ```
 
-- Install Python dependencies for AWS Lambda functions (requires pip for python 3.9)
+- Install Python dependencies for AWS Lambda functions (requires pip for python 3.13)
 ```sh
 make build
 ```

@@ -196,7 +196,7 @@ Resources:
       Handler: hyp3_api.lambda_handler.handler
       MemorySize: 3008
       Role: !GetAtt LambdaRole.Arn
-      Runtime: python3.9
+      Runtime: python3.13
       Timeout: 30
       {% if security_environment == 'EDC' %}
       VpcConfig:

@@ -1,11 +1,10 @@
 import time
 from os import environ
-from typing import Optional
 
 import jwt
 
 
-def decode_token(token) -> Optional[dict]:
+def decode_token(token) -> dict | None:
     try:
         return jwt.decode(token, environ['AUTH_PUBLIC_KEY'], algorithms=environ['AUTH_ALGORITHM'])
     except (jwt.ExpiredSignatureError, jwt.DecodeError):

@@ -3,6 +3,7 @@
 from decimal import Decimal
 from os import environ
 from pathlib import Path
+from typing import Any
 
 import yaml
 from flask import abort, g, jsonify, make_response, redirect, render_template, request
@@ -98,10 +99,10 @@ def default(self, o):
 
 
 class CustomJSONProvider(JSONProvider):
-    def dumps(self, o):
-        return json.dumps(o, cls=CustomEncoder)
+    def dumps(self, obj: Any, **kwargs) -> str:
+        return json.dumps(obj, cls=CustomEncoder)
 
-    def loads(self, s):
+    def loads(self, s: str | bytes, **kwargs) -> Any:
         return json.loads(s)
 
 
@@ -111,15 +112,15 @@ def __init__(self):
 
     def __call__(self, errors):
         response = super().__call__(errors)
-        error = response.json['errors'][0]
+        error = response.json['errors'][0]  # type: ignore[index]
         return handlers.problem_format(error['status'], error['title'])
 
 
 app.json = CustomJSONProvider(app)
 
 openapi = FlaskOpenAPIViewDecorator(
     api_spec,
-    response_cls=None,
+    response_cls=None,  # type: ignore[arg-type]
     errors_handler_cls=ErrorHandler,
 )
 
@@ -138,7 +139,7 @@ def jobs_post():
 @app.route('/jobs', methods=['GET'])
 @openapi
 def jobs_get():
-    parameters = request.openapi.parameters.query
+    parameters = request.openapi.parameters.query  # type: ignore[attr-defined]
     start = parameters.get('start')
     end = parameters.get('end')
     return jsonify(

@@ -66,7 +66,7 @@ Resources:
       Handler: check_processing_time.lambda_handler
       MemorySize: 128
       Role: !GetAtt Role.Arn
-      Runtime: python3.9
+      Runtime: python3.13
       Timeout: 30
       {% if security_environment == 'EDC' %}
       VpcConfig:

@@ -1,14 +1,11 @@
-from typing import Union
-
-
-def get_time_from_result(result: Union[list, dict]) -> Union[list, float]:
+def get_time_from_result(result: list | dict) -> list | float:
     if isinstance(result, list):
         return [get_time_from_result(item) for item in result]
 
     return (result['StoppedAt'] - result['StartedAt']) / 1000
 
 
-def lambda_handler(event, _) -> list[Union[list, float]]:
+def lambda_handler(event, _) -> list | float:
     processing_results = event['processing_results']
     result_list = [processing_results[key] for key in sorted(processing_results.keys())]
     return get_time_from_result(result_list)
@@ -56,7 +56,7 @@ Resources:
       Handler: disable_private_dns.lambda_handler
       MemorySize: 128
       Role: !GetAtt Role.Arn
-      Runtime: python3.9
+      Runtime: python3.13
       Timeout: 5
       Environment:
         Variables:

@@ -86,7 +86,7 @@ Resources:
       Handler: get_files.lambda_handler
       MemorySize: 128
       Role: !GetAtt Role.Arn
-      Runtime: python3.9
+      Runtime: python3.13
       Timeout: 30
       {% if security_environment == 'EDC' %}
       VpcConfig: