Release v0.1.3 #60

To fix the issue, we will add a permissions block at the root of the workflow file. This block will specify the minimal permissions required for the workflow to function. Based on the context, the workflow appears to check for changelog updates, which likely requires read access to the repository contents. Therefore, we will set contents: read as the permission.

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Since the workflow interacts with pull requests (e.g., checking labels), it likely requires contents: read and pull-requests: read. If additional permissions are needed, they should be added explicitly based on the functionality of the reusable workflow.

The permissions block should be added at the root level of the workflow, ensuring it applies to all jobs unless overridden by job-specific permissions.

To fix the issue, we need to add a permissions block to the root of the workflow file. This block will define the minimum required permissions for the workflow. Since the workflow calls reusable workflows, we should assume the most basic permissions (contents: read) unless the reusable workflows explicitly require additional permissions. If the reusable workflows need more permissions, they should ideally define them internally.

The fix involves:

Adding a permissions block at the root level of the workflow file.

Setting contents: read as the default permission, which is sufficient for most basic CI workflows.

-Original file line number
+Diff line change
@@ -0,0 +1,32 @@
+    name: Build
+    on:
+      push:
+        branches:
+          - develop
+        tags:
+          - 'v*'
+      pull_request:
+        branches:
+          - main
+          - develop
+    jobs:
+      call-version-info-workflow:
+        uses: ASFHyP3/actions/.github/workflows/reusable-version-info.yml@v0.20.0
+        permissions:
+          contents: read
+        with:
+          python_version: '3.10'
+      call-docker-ghcr-workflow:
+        needs: call-version-info-workflow
+        uses: ASFHyP3/actions/.github/workflows/reusable-docker-ghcr.yml@v0.20.0
+        permissions:
+          contents: read
+          packages: write
+        with:
+          version_tag: ${{ needs.call-version-info-workflow.outputs.version_tag }}
+          user: ${{ github.actor }}
+        secrets:
+          USER_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,10 +6,10 @@ @@
     jobs:
       call-create-jira-issue-workflow:
-        uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.18.1
+        uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.20.0
         secrets:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
           JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
           JIRA_PROJECT: ${{ secrets.JIRA_PROJECT }}
           JIRA_FIELDS: ${{ secrets.JIRA_FIELDS }}

-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,7 @@ on: @@
     jobs:
       call-release-workflow:
         # Docs: https://github.com/ASFHyP3/actions
-        uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.18.1
+        uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.20.0
         permissions:
           pull-requests: write
         secrets:
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,11 +8,11 @@ @@
     jobs:
       call-release-workflow:
         # Docs: https://github.com/ASFHyP3/actions
-        uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.18.1
+        uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.20.0
         with:
           release_prefix: HyP3 OPERA-RTC
           release_branch: main
           develop_branch: develop
           sync_pr_label: actions-bot
         secrets:
           USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,9 +8,9 @@ @@
     jobs:
       call-bump-version-workflow:
         # Docs: https://github.com/ASFHyP3/actions
-        uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.18.1
+        uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.20.0
         with:
           user: tools-bot
           email: UAF-asf-apd@alaska.edu
         secrets:
           USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release v0.1.3 #60

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Check warning

Copilot Autofix

Check warning

Check warning

Copilot Autofix

Check warning

Check warning

Check warning

Check warning

Copilot Autofix

Check warning

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up @@
     and this project adheres to [PEP 440](https://www.python.org/dev/peps/pep-0440/)
     and uses [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+    ## [0.1.3]
+    ### Changed
+    - Download opera burst db during container build instead of at runtime.
+    - Publish docker container to public GHCR repo instead of private Amazon ECR repo.
     ## [0.1.2]
     ### Changed
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    FROM 845172464411.dkr.ecr.us-west-2.amazonaws.com/opera_pge/rtc_s1:2.1.1
+    FROM ghcr.io/nasa/opera-sds-pge/opera_pge/rtc_s1:2.1.1
     # For opencontainers label definitions, see:
     #    https://github.com/opencontainers/image-spec/blob/master/annotations.md
@@ Expand All / @@ -15,6 +15,8 @@ USER root @@
     RUN chown rtc_user:rtc_user /home/rtc_user/scratch
     USER rtc_user
+    RUN curl https://asf-dem-west.s3.amazonaws.com/AUX/opera-burst-bbox-only.sqlite3 -o /home/rtc_user/opera-burst-bbox-only.sqlite3
     COPY --chown=rtc_user:rtc_user . /home/rtc_user/hyp3-opera-rtc/
     RUN conda env create -f /home/rtc_user/hyp3-opera-rtc/environment.yml && \
         conda clean -afy && \
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ A HyP3 plugin for OPERA-RTC processing @@
     **ALL CREDIT FOR THIS PLUGIN'S RTC PRODUCTS GOES TO THE [JPL OPERA TEAM](https://www.jpl.nasa.gov/go/opera). THIS PLUGIN MERELY ALLOWS US TO RUN THEIR WORKFLOW IN A HYP3 ENVIRONMENT.**
+    **VALIDATION OF THIS PLUGIN IS STILL ONGOING. CONFIDENCE THAT THIS PLUGIN PRODUCES EQUIVALENT RTC DATA PRODUCTS AS THE OPERA MISSION IS NOT (YET) HIGH ENOUGH FOR PRODUCTION USE.**
     ## Earthdata Login Credentials
     To use this plugin, the user must provide their Earthdata Login credentials in order to download input data.
@@ Expand All @@
     ## Usage
-    > [!WARNING]
-    > This plugin is designed to run within the HyP3 processing system, and directly relies on the JPL OPERA OPERA-RTC-S1 Product Generation Executable (PGE) docker container (see architecture section below). Currently this container is not publicly available, but the OPERA team is working to make it available in the near future.
+    This plugin is designed to run within the HyP3 processing system,
+    and directly relies on the JPL OPERA OPERA-RTC-S1 Product Generation Executable (PGE) docker container (see architecture section below).
     For this reason, the plugin is only runnable via the docker container.
-    Because our docker image is based on `845172464411.dkr.ecr.us-west-2.amazonaws.com/opera_pge/rtc_s1` (see the [Dockerfile](./Dockerfile)),
-    you'll need to authenticate to Amazon ECR in the HyP3 AWS account before building our docker image
-    (you must be an ASF developer with access to the HyP3 AWS account):
-    ```
-    aws --profile hyp3 ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 845172464411.dkr.ecr.us-west-2.amazonaws.com
-    ```
-    Then build our container:
+    Build the container:
     ```bash
     git clone https://github.com/ASFHyP3/hyp3-OPERA-RTC.git
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    ruff==0.11.8
+    ruff==0.11.11
     mypy==1.15.0
     lxml-stubs
     types-shapely
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -1,5 +1,6 @@
     import argparse
     import os
+    import shutil
     import warnings
     from pathlib import Path
     from zipfile import ZipFile
@@ Expand All / @@ -18,16 +19,13 @@ @@
     CMR_URL = 'https://cmr.earthdata.nasa.gov/search/granules.umm_json'
-    def download_burst_db(save_dir: Path) -> Path:
-        db_path = save_dir / 'opera-burst-bbox-only.sqlite3'
+    def prep_burst_db(save_dir: Path) -> Path:
+        db_filename = 'opera-burst-bbox-only.sqlite3'
+        db_path = save_dir / db_filename
-        if db_path.exists():
-            return db_path
+        shutil.copy(Path.home() / db_filename, db_path)
-        # Currently using a version created using opera-adt/burst_db v0.4.0, but hope to switch to ASF-provide source.
-        url = 'https://ffwilliams2-shenanigans.s3.us-west-2.amazonaws.com/opera/opera-burst-bbox-only.sqlite3'
-        db_path = hyp3lib.fetch.download_file(url, str(save_dir))
-        return Path(db_path)
+        return db_path
     def get_s1_granule_bbox(granule_path: Path, buffer: float = 0.025) -> Polygon:
@@ Expand Down Expand Up / @@ -135,8 +133,8 @@ def prep_rtc( @@
         orbit_path = orbit.get_orbit(safe_path.with_suffix('').name, save_dir=input_dir)
         print(f'Downloaded orbit file: {orbit_path}')
-        db_path = download_burst_db(input_dir)
-        print(f'Downloaded burst database: {db_path}')
+        db_path = prep_burst_db(input_dir)
+        print(f'Burst database: {db_path}')
         dem_path = input_dir / 'dem.tif'
         granule_bbox = get_s1_granule_bbox(safe_path)
@@ Expand Down @@