From 4a57f0d3074892826d2f4f33a2e16c372e6ce223 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 11:30:52 -0600 Subject: [PATCH 01/20] Update certbot version; add GH actions build --- .github/workflows/build.yml | 36 ++++++++++++++++++++ package.sh | 8 ++--- requirements.txt | 66 ++----------------------------------- 3 files changed, 42 insertions(+), 68 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..b886438 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,36 @@ +name: Build Certbot Lambda Package + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Set up Python + uses: actions/setup-python@v6 + with: + python-version: '3.11' + + - name: Run package script + run: ./package.sh + + - name: Show package size + run: | + echo "Package size:" + du -h certbot/certbot.zip || echo "certbot.zip not found" + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: certbot-lambda-package + path: certbot/certbot.zip + retention-days: 30 diff --git a/package.sh b/package.sh index 09d1362..ae941e2 100755 --- a/package.sh +++ b/package.sh @@ -5,7 +5,7 @@ set -e readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DIR}/requirements.txt" ) readonly VENV="certbot/venv" -readonly PYTHON="python3" +readonly PYTHON="python" readonly CERTBOT_ZIP_FILE="certbot.zip" readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages 
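Review bot: The three `uses:` entries in the new workflow (`actions/checkout@v5`, `actions/setup-python@v6`, `actions/upload-artifact@v4`) reference movable tags, so the code that runs in this build can change without any commit to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v5`, makes the build inputs reviewable. The file also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown here.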
@@ -14,10 +14,10 @@ cd "${SCRIPT_DIR}" ${PYTHON} -m venv "${VENV}" source "${VENV}/Scripts/activate" -pip3 install -r requirements.txt +pip install -r requirements.txt pushd ${CERTBOT_SITE_PACKAGES} - zip -r -q ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -x "/*__pycache__/*" + 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ popd -zip -g "certbot/${CERTBOT_ZIP_FILE}" main.py +7z a -tzip "certbot/${CERTBOT_ZIP_FILE}" main.py diff --git a/requirements.txt b/requirements.txt index d57015f..0cf48b8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,64 +1,2 @@ -acme==2.9.0 -apispec==6.3.0 -awscli==1.32.52 -awscli-local==0.22.0 -boto3==1.34.52 -botocore==1.34.52 -cachetools==5.0.0 -certbot==2.9.0 -certbot-dns-route53==2.9.0 -certbot-dns-tencentcloud==2.0.2 -certifi==2023.7.22 -cffi==1.15.1 -charset-normalizer==3.1.0 -click==8.1.3 -colorama==0.4.4 -ConfigArgParse==1.7 -configobj==5.0.8 -cryptography==42.0.5 -dill==0.3.6 -distro==1.9.0 -dnslib==0.9.23 -dnspython==2.3.0 -docutils==0.16 -ecdsa==0.18.0 -idna==3.4 -jmespath==1.0.1 -josepy==1.14.0 -lark==1.1.5 -localstack-client==2.5 -markdown-it-py==2.2.0 -mdurl==0.1.2 -packaging==23.1 -parsedatetime==2.6 -pbr==5.11.1 -pcore==0.2.1 -plux==1.5.0 -psh==0.2.12 -psutil==5.9.5 -psys==0.4.2 -pyaes==1.6.1 -pyasn1==0.5.0 -pycparser==2.21 -Pygments==2.15.1 -pyOpenSSL==24.0.0 -pyRFC3339==1.1 -python-dateutil==2.8.2 -python-dotenv==1.0.0 -python-hcl2==4.3.0 -python-jose==3.3.0 -pytz==2024.1 -pywin32==306 -PyYAML==6.0.1 -requests==2.31.0 -rich==13.3.4 -rsa==4.7.2 -s3transfer==0.10.0 -semver==3.0.0 -six==1.16.0 -stevedore==5.0.0 -tabulate==0.9.0 -tailer==0.4.1 -terraform-local==0.16.0 -urllib3==2.0.7 -windows-curses==2.3.2 +certbot==5.1.0 +certbot-dns-route53==5.1.0 From 3b1ac17572a3a770192cfeb2f8448203fd5f2e22 Mon Sep 17 00:00:00 2001 
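Review bot: The new `7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__` line leaves `${SCRIPT_DIR}` unquoted, so a checkout path containing a space is split into separate arguments; the second `7z` call at the end of the hunk already quotes its path. I would write it as `7z a -tzip "${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE}" . '-xr!__pycache__'`. `7z a` also adds to an archive that already exists, so a zip left over from an earlier run keeps entries that are no longer in site-packages; removing the old zip before archiving avoids shipping stale modules.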
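Review bot: Cutting `requirements.txt` down to `certbot==5.1.0` and `certbot-dns-route53==5.1.0` leaves every transitive dependency (the removed list pinned `acme`, `cryptography`, `josepy`, `urllib3` and others) to be resolved fresh on each `pip install -r requirements.txt`, so two builds of the same commit can package different code into the Lambda zip. Keeping the short file as the human-edited input and committing a generated, fully pinned file with hashes, installed with `pip install --require-hashes -r <pinned-file>`, keeps the cleanup while making the package reproducible and tamper-evident. Patch 19 later in this series pins `boto3` and `cryptography` by version, but still without hashes.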
From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 11:54:30 -0600 Subject: [PATCH 02/20] CI updates --- .github/workflows/build.yml | 2 ++ package.sh | 12 ++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b886438..d92b7f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,6 +10,8 @@ on: jobs: build: runs-on: ubuntu-latest + env: + CI: true steps: - name: Checkout code diff --git a/package.sh b/package.sh index ae941e2..ecc1c13 100755 --- a/package.sh +++ b/package.sh @@ -9,10 +9,18 @@ readonly PYTHON="python" readonly CERTBOT_ZIP_FILE="certbot.zip" readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages +readonly CI=$CI + cd "${SCRIPT_DIR}" -${PYTHON} -m venv "${VENV}" -source "${VENV}/Scripts/activate" +if [ "${CI}" = true ]; then + echo "Running in CI mode" + . .venv/bin/activate +else + echo "Running in local mode" + ${PYTHON} -m venv "${VENV}" + source "${VENV}/Scripts/activate" +fi pip install -r requirements.txt From 3e928ed2fbc8aa09eaf057ed7f7206686d6b68da Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 11:56:51 -0600 Subject: [PATCH 03/20] Update CI --- package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.sh b/package.sh index ecc1c13..5b594f6 100755 --- a/package.sh +++ b/package.sh @@ -15,7 +15,7 @@ cd "${SCRIPT_DIR}" if [ "${CI}" = true ]; then echo "Running in CI mode" - . .venv/bin/activate + . ${GITHUB_WORKSPACE}/.venv/bin/activate else echo "Running in local mode" ${PYTHON} -m venv "${VENV}" From 5def9571ef9694b4791f04c17e97be03ca11ada1 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:02:35 -0600 Subject: [PATCH 04/20] CI updates --- package.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
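Review bot: In patch 03, `. ${GITHUB_WORKSPACE}/.venv/bin/activate` is expanded unquoted and with no check that the variable is set, so running the script with `CI=true` anywhere `GITHUB_WORKSPACE` is empty resolves to `/.venv/bin/activate`. The script has already done `cd "${SCRIPT_DIR}"` (visible in the hunk header), so a path built from `"${SCRIPT_DIR}"` would not depend on the runner's environment; if the workspace variable is kept, `"${GITHUB_WORKSPACE:?}"` makes the failure explicit. The same unguarded expansion carries through patches 04 to 07, ending as `VENV=$GITHUB_WORKSPACE/$VENV`. The enclosing `if` block ends outside this hunk.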
diff --git a/package.sh b/package.sh index 5b594f6..665d647 100755 --- a/package.sh +++ b/package.sh @@ -15,7 +15,8 @@ cd "${SCRIPT_DIR}" if [ "${CI}" = true ]; then echo "Running in CI mode" - . ${GITHUB_WORKSPACE}/.venv/bin/activate + ${PYTHON} -m venv .venv + source ${GITHUB_WORKSPACE}/.venv/bin/activate else echo "Running in local mode" ${PYTHON} -m venv "${VENV}" From 60ebc04262658be48b8e66a2c25e53ae67c319cf Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:04:48 -0600 Subject: [PATCH 05/20] CI updates --- package.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.sh b/package.sh index 665d647..c00db8c 100755 --- a/package.sh +++ b/package.sh @@ -15,8 +15,8 @@ cd "${SCRIPT_DIR}" if [ "${CI}" = true ]; then echo "Running in CI mode" - ${PYTHON} -m venv .venv - source ${GITHUB_WORKSPACE}/.venv/bin/activate + ${PYTHON} -m venv $VENV + source ${GITHUB_WORKSPACE}/$VENV/bin/activate else echo "Running in local mode" ${PYTHON} -m venv "${VENV}" From 4de30b5c090317ae534d52cc3a2a0288dd8cefc4 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:10:50 -0600 Subject: [PATCH 06/20] ci update --- package.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package.sh b/package.sh index c00db8c..c5b24d8 100755 --- a/package.sh +++ b/package.sh @@ -4,7 +4,7 @@ set -e readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DIR}/requirements.txt" ) -readonly VENV="certbot/venv" +VENV="certbot/venv" readonly PYTHON="python" readonly CERTBOT_ZIP_FILE="certbot.zip" readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages 
@@ -16,7 +16,8 @@ cd "${SCRIPT_DIR}" if [ "${CI}" = true ]; then echo "Running in CI mode" ${PYTHON} -m venv $VENV - source ${GITHUB_WORKSPACE}/$VENV/bin/activate + $VENV=$GITHUB_WORKSPACE/$VENV + source $VENV/bin/activate else echo "Running in local mode" ${PYTHON} -m venv "${VENV}" From fd7c68d550fb83f82015861e1023b6e5e7d876e8 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:11:49 -0600 Subject: [PATCH 07/20] ci --- package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.sh b/package.sh index c5b24d8..e5c1983 100755 --- a/package.sh +++ b/package.sh @@ -16,7 +16,7 @@ cd "${SCRIPT_DIR}" if [ "${CI}" = true ]; then echo "Running in CI mode" ${PYTHON} -m venv $VENV - $VENV=$GITHUB_WORKSPACE/$VENV + VENV=$GITHUB_WORKSPACE/$VENV source $VENV/bin/activate else echo "Running in local mode" From d797bcb71858fb1e8c7bd3f6baea7fe9497c0426 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:13:11 -0600 Subject: [PATCH 08/20] ci --- package.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.sh b/package.sh index e5c1983..2545bef 100755 --- a/package.sh +++ b/package.sh @@ -7,7 +7,6 @@ readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DI VENV="certbot/venv" readonly PYTHON="python" readonly CERTBOT_ZIP_FILE="certbot.zip" -readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages readonly CI=$CI @@ -26,6 +25,8 @@ fi pip install -r requirements.txt +readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages + pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ popd From cee5fe9da81358120f917476887093a4c8d73bf4 Mon Sep 17 00:00:00 2001 
From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:15:13 -0600 Subject: [PATCH 09/20] ci --- package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.sh b/package.sh index 2545bef..7675fbf 100755 --- a/package.sh +++ b/package.sh @@ -25,7 +25,7 @@ fi pip install -r requirements.txt -readonly CERTBOT_SITE_PACKAGES=${VENV}/Lib/site-packages +readonly CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ From ff9d5255df52a13cfd62b0204cfee8f9a1c4f89f Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:17:14 -0600 Subject: [PATCH 10/20] ci --- package.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/package.sh b/package.sh index 7675fbf..314834d 100755 --- a/package.sh +++ b/package.sh @@ -26,6 +26,7 @@ fi pip install -r requirements.txt readonly CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages +ls -a $VENV pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ From 141dd085a36594d6fa460982248c696c7e0a68a0 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:18:07 -0600 Subject: [PATCH 11/20] ci --- package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.sh b/package.sh index 314834d..7283a1f 100755 --- a/package.sh +++ b/package.sh @@ -26,7 +26,7 @@ fi pip install -r requirements.txt readonly CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages -ls -a $VENV +ls -a $VENV/lib pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ From 07a3ac094515823dc8c0f8c5dfdd6a0ace10efaa Mon Sep 17 00:00:00 2001 
From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:18:57 -0600 Subject: [PATCH 12/20] ci --- package.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.sh b/package.sh index 7283a1f..3926b8c 100755 --- a/package.sh +++ b/package.sh @@ -26,7 +26,7 @@ fi pip install -r requirements.txt readonly CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages -ls -a $VENV/lib +ls -a $VENV/lib/python3.11 pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ From f2ca0840db98a1cc7e1a1c6740c40339190c5cec Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 12:20:52 -0600 Subject: [PATCH 13/20] ci --- package.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/package.sh b/package.sh index 3926b8c..b56121b 100755 --- a/package.sh +++ b/package.sh @@ -7,6 +7,7 @@ readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DI VENV="certbot/venv" readonly PYTHON="python" readonly CERTBOT_ZIP_FILE="certbot.zip" +CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages readonly CI=$CI @@ -17,6 +18,7 @@ if [ "${CI}" = true ]; then ${PYTHON} -m venv $VENV VENV=$GITHUB_WORKSPACE/$VENV source $VENV/bin/activate + CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.11/site-packages else echo "Running in local mode" ${PYTHON} -m venv "${VENV}" @@ -25,9 +27,6 @@ fi pip install -r requirements.txt -readonly CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages -ls -a $VENV/lib/python3.11 - pushd ${CERTBOT_SITE_PACKAGES} 7z a -tzip ${SCRIPT_DIR}/certbot/${CERTBOT_ZIP_FILE} . -xr!__pycache__ popd From ffe752cc90e5e2ed2fe33fc8069369b339484871 Mon Sep 17 00:00:00 2001 
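Review bot: In patch 13, `CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.11/site-packages` hard-codes the interpreter version that the workflow selects separately with `python-version`, so the two must be edited together (patch 20 in this series does exactly that for 3.13) and a mismatch makes the later `pushd` fail. Once the venv is activated the path can be asked of the interpreter instead: `CERTBOT_SITE_PACKAGES=$("${PYTHON}" -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')`, which would also replace the separate local-mode default `${VENV}/lib/site-packages`. The surrounding `if`/`else` starts and ends outside this hunk.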
From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:37:32 -0600 Subject: [PATCH 14/20] Upload artifacts to S3 --- .editorconfig | 14 ++++++ .github/workflows/build.yml | 98 ++++++++++++++++++++++++++++++++++++- package.sh | 2 +- 3 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..9ad042d --- /dev/null +++ b/.editorconfig @@ -0,0 +1,14 @@ +root = true + +[*] +charset = utf-8 +indent_size = 2 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true + +[*.cs] +indent_size = 4 + +[*.{csv,editorconfig,cs,config,sql}] +insert_final_newline = false \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d92b7f7..b82d3b5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -8,10 +8,94 @@ on: workflow_dispatch: jobs: + setup-build-workflow: + runs-on: ubuntu-latest + + outputs: + IS_PRERELEASE: ${{ steps.set-vars.outputs.IS_PRERELEASE }} + IS_MERGE_TO_MAIN: ${{ steps.set-vars.outputs.IS_MERGE_TO_MAIN }} + IS_MERGE_TO_DEVELOP: ${{ steps.set-vars.outputs.IS_MERGE_TO_DEVELOP }} + REF_TO_BUILD_AND_TAG: ${{ steps.set-vars.outputs.REF_TO_BUILD_AND_TAG }} + IS_DEPENDABOT_PR: ${{ steps.actor_check.outputs.IS_DEPENDABOT_PR }} + + steps: + - name: Set default env variables + id: set-vars + uses: actions/github-script@v7 + with: + script: | + const targetRef = '${{ github.base_ref }}'; + const sourceRef = '${{ github.head_ref }}'; + const mergeRef = '${{ github.ref }}'; + + const prIsDraft = '${{ github.event.pull_request.draft }}' === 'true'; + const prMergedToMain = mergeRef === 'refs/heads/master'; + + const isPreRelease = !prMergedToMain + + // For a detailed explanation of why we use different refs for different scenarios + // see https://docs.github.com/en/rest/reference/pulls#get-a-pull-request + const refToBuildAndTag = isPreRelease ? 
sourceRef : mergeRef; + + Object.entries({ + IS_PRERELEASE: isPreRelease, + IS_MERGE_TO_MAIN: prMergedToMain, + REF_TO_BUILD_AND_TAG: refToBuildAndTag, + }).forEach(pair => { + core.setOutput(...pair); + console.info(...pair); + }); + + - name: Check if Dependabot PR + id: actor_check + uses: actions/github-script@v7 + with: + script: | + const actor = '${{ github.actor}}'; + const knownDependabotNames = [ + 'dependabot[bot]', + 'dependabot' + ]; + const isDependabotPR = knownDependabotNames.includes(actor); + core.info(`Is Dependabot PR: ${isDependabotPR}`); + core.setOutput('IS_DEPENDABOT_PR', isDependabotPR); + + get-version: + runs-on: ubuntu-latest + needs: [build, setup-build-workflow] + + outputs: + NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }} + NEXT_VERSION_NO_PREFIX: ${{ steps.get-version.outputs.NEXT_VERSION_NO_PREFIX }} + + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 # Includes all history for all branches and tags + + - id: get-version + uses: joemcbride/git-version-lite@v3.2.0 + with: + calculate-prerelease-version: ${{ needs.setup-build-workflow.outputs.IS_PRERELEASE }} + branch-name: ${{ needs.setup-build-workflow.outputs.REF_TO_BUILD_AND_TAG }} + tag-prefix: certbot- + fallback-to-no-prefix-search: false + default-release-type: minor + create-ref: true + github-token: ${{ secrets.GITHUB_TOKEN }} + + - run: | + echo "The next version is ${{ env.NEXT_VERSION }}" + echo "The next version without the prefix is ${{ env.NEXT_VERSION_NO_PREFIX }}" + build: runs-on: ubuntu-latest env: CI: true + AWS_REGION: us-west-2 + NEXT_VERSION: ${{ needs.get-version.outputs.NEXT_VERSION }} + NEXT_VERSION_NO_PREFIX: ${{ needs.get-version.outputs.NEXT_VERSION_NO_PREFIX }} + NEXT_BUILD_VERSION: ${{ needs.get-version.outputs.NEXT_BUILD_VERSION }} steps: - name: Checkout code 
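Review bot: In the `set-vars` step, `'${{ github.head_ref }}'` (likewise `github.base_ref`, `github.ref`, and `github.actor` in `actor_check`) is substituted into the JavaScript source before it runs, and on `pull_request` events the head branch name is chosen by whoever opened the PR, so its content becomes part of the script rather than a string value. Passing the values through `env:` and reading `process.env` keeps them as data; the fence shows this for `set-vars`, and `actor_check` can read `context.actor` directly. Separately, `joemcbride/git-version-lite@v3.2.0` is a third-party action that receives `secrets.GITHUB_TOKEN` with `create-ref: true`, so it is worth pinning to a full commit SHA. The `build` job's body continues outside this hunk.

```yaml
        # … unchanged: name, id and uses of the set-vars step …
        env:
          TARGET_REF: ${{ github.base_ref }}
          SOURCE_REF: ${{ github.head_ref }}
          MERGE_REF: ${{ github.ref }}
          PR_IS_DRAFT: ${{ github.event.pull_request.draft }}
        with:
          script: |
            const targetRef = process.env.TARGET_REF;
            const sourceRef = process.env.SOURCE_REF;
            const mergeRef = process.env.MERGE_REF;

            const prIsDraft = process.env.PR_IS_DRAFT === 'true';
            // … unchanged: prMergedToMain, isPreRelease, refToBuildAndTag, output loop …
```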
@@ -34,5 +118,17 @@ jobs: uses: actions/upload-artifact@v4 with: name: certbot-lambda-package - path: certbot/certbot.zip + path: certbot/certbot-lambda.zip retention-days: 30 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5 + with: + role-to-assume: arn:aws:iam::888985673581:role/GithubActions-DovetailSofware_Org-OIDC + role-session-name: GitHub_to_AWS_via_FederatedOIDC + aws-region: ${{ env.AWS_REGION }} + + - name: Upload Certbot Lambda Assets to S3 + working-directory: certbot + run: | + aws s3 cp . s3://jenkins-artifacts.us-west-2.dovetailnow.com/jobs/certbot-lambda/$NEXT_VERSION_NO_PREFIX --recursive --exclude "*" --include "*.zip" diff --git a/package.sh b/package.sh index b56121b..8ac99c5 100755 --- a/package.sh +++ b/package.sh @@ -6,7 +6,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly CERTBOT_VERSION=$( awk -F= '$1 == "certbot"{ print $NF; }' "${SCRIPT_DIR}/requirements.txt" ) VENV="certbot/venv" readonly PYTHON="python" -readonly CERTBOT_ZIP_FILE="certbot.zip" +readonly CERTBOT_ZIP_FILE="certbot-lambda.zip" CERTBOT_SITE_PACKAGES=${VENV}/lib/site-packages readonly CI=$CI From d8e07a9afdc3376ec8611df7c214f5e2283556f3 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:41:06 -0600 Subject: [PATCH 15/20] ci --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b82d3b5..d420108 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -62,7 +62,7 @@ jobs: get-version: runs-on: ubuntu-latest - needs: [build, setup-build-workflow] + needs: setup-build-workflow outputs: NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }} @@ -90,6 +90,7 @@ jobs: build: runs-on: ubuntu-latest + needs: get-version env: CI: true AWS_REGION: us-west-2 
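Review bot: The `Configure AWS Credentials` and `Upload Certbot Lambda Assets to S3` steps have no `if:` condition, so with the `pull_request` and `workflow_dispatch` triggers still in place they run for any ref that can obtain the OIDC token, not only for pushes to `master`. If only reviewed code should reach the artifacts bucket, gate both steps with `if: github.event_name == 'push' && github.ref == 'refs/heads/master'`; if prerelease uploads from PR branches are intended, the role's trust policy (not visible here) should limit which `sub` claims may assume it and which prefix they may write. In the `run:` line, `$NEXT_VERSION_NO_PREFIX` is unquoted and unchecked, so an empty value uploads into the `jobs/certbot-lambda/` prefix itself; `"${NEXT_VERSION_NO_PREFIX:?}"` fails the step instead.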
From 8d10da46ffa83d83a16c11cb460977db2558ada9 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:44:12 -0600 Subject: [PATCH 16/20] ci --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d420108..405fd8b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,6 +7,10 @@ on: branches: [ master ] workflow_dispatch: +permissions: + id-token: write + contents: read + jobs: setup-build-workflow: runs-on: ubuntu-latest From a2afba217fa73206959ee908b691b257c191724f Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:45:59 -0600 Subject: [PATCH 17/20] ci --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 405fd8b..bb22678 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,6 @@ on: permissions: id-token: write - contents: read jobs: setup-build-workflow: From 2bb906b7c02683d73ed389e92cd49daca2d6c3a5 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:49:25 -0600 Subject: [PATCH 18/20] ci --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bb22678..edffa8e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,9 +7,6 @@ on: branches: [ master ] workflow_dispatch: -permissions: - id-token: write - jobs: setup-build-workflow: runs-on: ubuntu-latest @@ -94,6 +91,9 @@ jobs: build: runs-on: ubuntu-latest needs: get-version + permissions: + id-token: write + contents: read env: CI: true AWS_REGION: us-west-2 From edc26ae8bb4cb4e95bed5356146f677b90ad3cdb Mon Sep 17 00:00:00 2001 
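Review bot: In patch 18, moving `permissions:` from the workflow level onto `build` leaves `setup-build-workflow` and `get-version` with no declaration, so both run with the repository's default token permissions. `setup-build-workflow` only computes outputs and could carry `permissions: {}`; `get-version` passes `secrets.GITHUB_TOKEN` to an action with `create-ref: true`, which presumably needs `contents: write` and nothing else. Declaring these per job keeps the `id-token: write` grant confined to `build` and makes the token scope of the other two jobs explicit.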
From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 14:09:40 -0600 Subject: [PATCH 19/20] update requirements.txt --- package.sh | 1 + requirements.txt | 2 ++ 2 files changed, 3 insertions(+) diff --git a/package.sh b/package.sh index 8ac99c5..bbdb61a 100755 --- a/package.sh +++ b/package.sh @@ -21,6 +21,7 @@ if [ "${CI}" = true ]; then CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.11/site-packages else echo "Running in local mode" + rm -rf ./certbot ${PYTHON} -m venv "${VENV}" source "${VENV}/Scripts/activate" fi diff --git a/requirements.txt b/requirements.txt index 0cf48b8..5fda595 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,4 @@ +boto3==1.40.48 certbot==5.1.0 certbot-dns-route53==5.1.0 +cryptography==46.0.2 \ No newline at end of file From 9e492f4f2677e935d813a9d4613adb19f093bd77 Mon Sep 17 00:00:00 2001 From: Steve Taggart <11730266+stevetaggart@users.noreply.github.com> Date: Wed, 8 Oct 2025 14:16:57 -0600 Subject: [PATCH 20/20] python 3.13 --- .github/workflows/build.yml | 4 ++-- package.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index edffa8e..740c092 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -108,7 +108,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v6 with: - python-version: '3.11' + python-version: '3.13' - name: Run package script run: ./package.sh @@ -116,7 +116,7 @@ jobs: - name: Show package size run: | echo "Package size:" - du -h certbot/certbot.zip || echo "certbot.zip not found" + du -h certbot/certbot-lambda.zip || echo "certbot-lambda.zip not found" - name: Upload build artifacts uses: actions/upload-artifact@v4 diff --git a/package.sh b/package.sh index bbdb61a..079a013 100755 --- a/package.sh +++ b/package.sh 
@@ -18,7 +18,7 @@ if [ "${CI}" = true ]; then ${PYTHON} -m venv $VENV VENV=$GITHUB_WORKSPACE/$VENV source $VENV/bin/activate - CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.11/site-packages + CERTBOT_SITE_PACKAGES=${VENV}/lib/python3.13/site-packages else echo "Running in local mode" rm -rf ./certbot