Merge branch 'main' into dependabot/docker/lambda/python-3.13

ministryofjustice · Jan 7, 2025 · a1fcfb6 · a1fcfb6
2 parents b6e6313 + 369615a
commit a1fcfb6
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 25 deletions.
diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
@@ -6,9 +6,9 @@
       "integrity": "sha256:5f3e2005aad161ce3ff7700b2603f11935348c039f9166960efd050d69cd3014"
     },
     "ghcr.io/devcontainers/features/python:1": {
-      "version": "1.6.5",
-      "resolved": "ghcr.io/devcontainers/features/python@sha256:f5e1557b5745bcc3aa8f12eaa1084b8d63952d73e776c406214d65f593aae6d8",
-      "integrity": "sha256:f5e1557b5745bcc3aa8f12eaa1084b8d63952d73e776c406214d65f593aae6d8"
+      "version": "1.7.0",
+      "resolved": "ghcr.io/devcontainers/features/python@sha256:8452f39db0852420728c9f7503dd94b3fc71aa558b5e7c8f6f9ce6687e494ae3",
+      "integrity": "sha256:8452f39db0852420728c9f7503dd94b3fc71aa558b5e7c8f6f9ce6687e494ae3"
     },
     "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {
       "version": "1.0.1",

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -26,6 +26,6 @@ jobs:
 
       - name: Dependency review
         id: dependency_review
-        uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
         with:
           fail-on-severity: critical
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -40,7 +40,7 @@ jobs:
 
       - name: Build and Push
         id: build_and_push
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           push: true
           tags: 374269020027.dkr.ecr.eu-west-2.amazonaws.com/analytical-platform-ingestion-notify:${{ github.ref_name }}

diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml
@@ -22,15 +22,15 @@ jobs:
 
       - name: Build Image
         id: build_image
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           push: false
           load: true
           tags: ingestion-notify
 
       - name: Scan Image
         id: scan_image
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         env:
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
@@ -45,7 +45,7 @@ jobs:
       - name: Scan Image (On SARIF Scan Failure)
         if: failure() && steps.scan_image.outcome == 'failure'
         id: scan_image_on_failure
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         with:
           image-ref: ingestion-notify
           exit-code: 1
@@ -55,6 +55,6 @@ jobs:
       - name: Upload SARIF
         if: always()
         id: upload_sarif
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v2.2.7
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v2.2.7
         with:
           sarif_file: trivy-results.sarif
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -29,7 +29,7 @@ jobs:
 
       - name: Run Super-Linter
         id: super_linter
-        uses: super-linter/super-linter/slim@b92721f792f381cedc002ecdbb9847a15ece5bb8 # v7.1.0
+        uses: super-linter/super-linter/slim@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d # v7.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           LINTER_RULES_PATH: /

diff --git a/Makefile b/Makefile
@@ -0,0 +1,15 @@
+.PHONY: build debug
+
+IMAGE_NAME ?= analytical-platform.service.justice.gov.uk/ingestion-notify
+IMAGE_TAG  ?= local
+
+build:
+	docker build --platform linux/amd64 --file Dockerfile --tag $(IMAGE_NAME):$(IMAGE_TAG) .
+
+debug: build
+	docker run -it --rm \
+		--platform linux/amd64 \
+		--hostname ingestion-notify \
+		--name analytical-platform-ingestion-notify \
+		--entrypoint /bin/bash \
+		$(IMAGE_NAME):$(IMAGE_TAG)
diff --git a/README.md b/README.md
@@ -8,19 +8,13 @@ This image is used in the Analytical Platform Ingestion service. It is deployed
 
 ### Build
 
-```bash
-docker build --platform linux/amd64 --file Dockerfile --tag analytical-platform.service.justice.gov.uk/ingestion-notify:local .
-```
+`make build`
 
-### Run
+### Debug
 
-```bash
-docker run -it --rm \
-  --platform linux/amd64 \
-  --hostname ingestion-notify \
-  --name analytical-platform-ingestion-notify \
-  analytical-platform.service.justice.gov.uk/ingestion-notify:local
-```
+Launch a Bash terminal in the container:
+
+`make debug`
 
 ## Versions
 

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -4,4 +4,4 @@ black==24.10.0
 flake8==7.1.1
 isort==5.13.2
 mypy==1.13.0
-pylint==3.3.1
+pylint==3.3.3
diff --git a/src/var/task/requirements.txt b/src/var/task/requirements.txt
@@ -1,4 +1,4 @@
-boto3==1.35.59
-botocore==1.35.59
+boto3==1.35.85
+botocore==1.35.85
 notifications-python-client==10.0.0
-slack_sdk==3.33.3
+slack_sdk==3.34.0