promote deploy-test to PROD

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.3.1
+current_version = 0.4.0
 commit = True
 tag = False
 

.github/workflows/deploy-to-aws.yaml

@@ -18,6 +18,9 @@ jobs:
     needs: call-test-workflow
     uses: GNS-Science/nshm-github-actions/.github/workflows/deploy-to-aws.yml@main
     with:
-      python-version: '3.10'
-      smoketest-query: "query {about, current_model_version}"
+      python-version: '3.12'
+      node-version: '22'
+      node-pkg-manager: 'yarn2'
+      smoketest-query: 'query QueryRoot{about}'
     secrets: inherit
+

.github/workflows/dev.yml

@@ -16,6 +16,7 @@ jobs:
     uses: GNS-Science/nshm-github-actions/.github/workflows/python-run-tests.yml@main
     with:
       operating-systems: "['ubuntu-latest']"
-      python-versions: "['3.10']"
+      python-versions: "['3.12']"
       delete-poetry-lock: ${{ github.event_name == 'schedule' }} # the scheduled build tests against newer dependencies
+      optional-dependency-groups: dev      
     secrets: inherit

.github/workflows/release.yml

@@ -1,89 +1,28 @@
 # Publish package on main branch if it's tagged with 'v*'
 
-name: release & publish workflow
+name: Release & publish workflow
 
 # Controls when the action will run.
 on:
   # Triggers the workflow on push events but only for the master branch
   push:
-    tags:
-      - 'v*'
+    tags: 'v*'
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "release"
-  release:
-    name: Create Release
-    runs-on: ubuntu-20.04
 
-    strategy:
-      matrix:
-        python-versions: [3.8]
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      - name: Get version from tag
-        id: tag_name
-        run: |
-          echo ::set-output name=current_version::${GITHUB_REF#refs/tags/v}
-        shell: bash
-
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
-
-      - name: Get Changelog Entry
-        id: changelog_reader
-        uses: mindsers/changelog-reader-action@v2
-        with:
-          validation_depth: 10
-          version: ${{ steps.tag_name.outputs.current_version }}
-          path: ./CHANGELOG.md
-
-      - uses: actions/setup-python@v2
-        with:
-          python-version: ${{ matrix.python-versions }}
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install poetry
-
-      - name: build documentation
-        run: |
-          poetry install -E doc
-          poetry run mkdocs build
-
-      - name: publish documentation
-        uses: peaceiris/actions-gh-pages@v3
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./site
-
-      # - name: Build wheels and source tarball
-      #   run: >-
-      #     poetry build
-
-      # - name: show temporary files
-      #   run: >-
-      #     ls -l
-
-      # - name: create github release
-      #   id: create_release
-      #   uses: softprops/action-gh-release@v1
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #   with:
-      #     body: ${{ steps.changelog_reader.outputs.changes }}
-      #     files: dist/*.whl
-      #     draft: false
-      #     prerelease: false
-
-      # - name: publish to PyPI
-      #   uses: pypa/gh-action-pypi-publish@release/v1
-      #   with:
-      #     user: __token__
-      #     password: ${{ secrets.PYPI_API_TOKEN }}
-      #     skip_existing: true
+  release-and-distribute:
+    uses:  GNS-Science/nshm-github-actions/.github/workflows/python-release.yml@main
+    with:
+      python-version:  '3.12'
+      pypi-publish: false
+    secrets: inherit
+
+#   deploy-docs:
+#     uses:  GNS-Science/nshm-github-actions/.github/workflows/python-deploy-docs.yml@main
+#     with:
+#       python-version:  '3.12'
+#       optional-dependency-groups: 'doc'
+#     secrets: inherit

.gitignore

@@ -29,6 +29,8 @@ wheels/
 *.egg-info/
 .installed.cfg
 *.egg
+requirements.txt
+audit.txt
 
 # PyInstaller
 #  Usually these files are written by a python script from a template

CHANGELOG.md

@@ -1,12 +1,24 @@
 # Changelog
 
+
+## [0.4.0] - 2025-10-20
+
+### Changed
+ - migrate to serverless 4
+ - use python 3.12
+ - migrate pyproject.toml to PEP508
+ - ensureCI/CD workflows use minimum install footprints
+ - update to `nzshm-model 0.14.0`
+
+### Added
+ - tox audit step
+
 ## [0.3.1] - 2025-09-15
 
 ### Changed
  - graphql-server pinned
  - dev dependencies updated
 
-
 ## [0.3.0] - 2025-07-29
 
 ### Changed

DEVELOPMENT.md

@@ -0,0 +1,76 @@
+# DEVELOPMENT
+
+### Environment setup
+
+ - clone the repo
+ - check/install a recent node version >=22
+   `nvm use 22`
+
+- setup python env
+```
+pyenv local 3.12
+poetry env use 3.12
+```
+
+setup yarn 2 ...
+```
+
+
+yarn install
+```
+
+Now `yarn sls info` should print something like ...
+
+```
+$ sls info
+Running "serverless" from node_modules
+Environment: darwin, node 22.16.0, framework 3.40.0 (local), plugin 7.2.3, SDK 4.5.1
+Credentials: Local, "default" profile
+Docs:        docs.serverless.com
+Support:     forum.serverless.com
+Bugs:        github.com/serverless/serverless/issue
+
+```
+You'll problably see an error, if your AWS credentials are not those required for SLS.
+
+## TESTING
+
+### Run API locally
+```
+ENABLE_METRICS=0 poetry run yarn sls wsgi serve
+```
+
+## Auditing requirements packages
+
+NB this is now included in tox:audit step
+
+```
+poetry export --all-groups --output audit.txt
+poetry run pip-audit -r audit.txt -s pypi --require-hashes
+poetry run pip-audit -r audit.txt -s osv --require-hashes
+
+poetry show {package-name}
+```
+
+### `safety` requires user login registration, but seems closer to dependabot in detections.
+```
+poetry run safety scan
+```
+
+### Node
+```
+yarn npm audit -R
+yarn why {package-name}
+yarn upgrade-interactive
+```
+
+## DEPLOY DEV service
+
+```
+AWS_PROFILE=**** poetry run yarn sls deploy --region ap-southeast-2 --stage dev
+```
+
+### API Feature tests
+`$>poetry run pytest` should just work.
+
+

nshm_model_graphql_api/__init__.py

@@ -2,4 +2,4 @@
 
 __author__ = """GNS Science"""
 __email__ = "nshm@gns.cri.nz"
-__version__ = "0.3.1"
+__version__ = "0.4.0"

nshm_model_graphql_api/schema/nshm_model_sources_schema.py

@@ -6,7 +6,7 @@
 import graphene
 import nzshm_model as nm
 from graphene import relay
-from nzshm_model.logic_tree.source_logic_tree.version2 import logic_tree
+from nzshm_model.logic_tree.source_logic_tree import logic_tree
 
 log = logging.getLogger(__name__)
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "nshm-model-graphql-api",
-    "version": "0.3.1",
+    "version": "0.4.0",
     "description": "A graphql API for NSHM seismic models",
     "scripts": {
         "test": "echo \"Error: no test specified\" && exit 1",
@@ -15,16 +15,15 @@
         "url": "git+https://github.com/GNS-Science/nshm-tosh-api.git"
     },
     "keywords": [],
-    "author": "",
-    "license": "",
     "bugs": {
         "url": "https://github.com/GNS-Science/nshm-toshi-api/issues"
     },
     "homepage": "https://github.com/GNS-Science/nshm-toshi-api#readme",
     "dependencies": {
-        "serverless": "^3.40.0",
-        "serverless-plugin-warmup": "^8.2.1",
-        "serverless-python-requirements": "^6.1.0",
-        "serverless-wsgi": "^3.0.2"
-    }
+        "serverless": "^4.21.1",
+        "serverless-plugin-warmup": "^8.3.0",
+        "serverless-python-requirements": "^6.1.2",
+        "serverless-wsgi": "^3.1.0"
+    },
+    "packageManager": "yarn@4.10.3"
 }