Merge pull request #76 from sanjay-reddy-kandi/main

release/v2.7.4

Author: groverlalit

CHANGELOG.md

@@ -4,6 +4,11 @@
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.7.4] - 2024-11
+### Fixed
+- Upgrade cross-spawn to mitigate [CVE-2024-21538](https://nvd.nist.gov/vuln/detail/CVE-2024-21538)
+- Migrated from pip to poetry
+
 ## [2.7.3] - 2024-10
 ### Fixed
 - Update base python image to mitigate [CVE-2024-45490](https://security-tracker.debian.org/tracker/CVE-2024-45490), [CVE-2024-45491](https://security-tracker.debian.org/tracker/CVE-2024-45491), [CVE-2024-45492](https://security-tracker.debian.org/tracker/CVE-2024-45492), [CVE-2023-7104](https://security-tracker.debian.org/tracker/CVE-2023-7104)

README.md

@@ -210,12 +210,11 @@ npm run synth
     │   └── cost-optimizer-for-amazon-workspaces-spoke-stack.ts
     ├── package.json
     ├── package-lock.json
-    ├── testing_requirements.txt
+    ├── poetry.lock
+    ├── pyproject.toml
     ├── tsconfig.json
     └── workspaces_app
         ├── main.py
-        ├── requirements.txt
-        ├── setup_requirements.txt
         ├── test_workspaces_app.py
         └── workspaces_app
             ├── __init__.py

deployment/build-s3-dist.sh

@@ -32,6 +32,12 @@ pack_lambda() {
     cp "$include_file" "$package_temp_dir"
   done
 
+  # Generate requirements.txt using Poetry
+  pushd "$source_dir"
+  "$POETRY_HOME"/bin/poetry export --without dev -f requirements.txt --output requirements.txt --without-hashes
+  popd
+
+  # Install dependencies from the generated requirements.txt
   pip install -r "$source_dir"/requirements.txt -t "$package_temp_dir"
 
   pushd "$package_temp_dir"
@@ -132,6 +138,8 @@ main() {
 
   cp "$source_dir"/Dockerfile "$wco_folder"
   cp "$source_dir"/.dockerignore "$wco_folder"
+  cp "$source_dir"/pyproject.toml "$wco_folder"
+  cp "$source_dir"/poetry.lock "$wco_folder"
   cp -r "$source_dir"/workspaces_app "$wco_folder"
   cp -r "$source_dir"/docker "$wco_folder"
 }

deployment/run-unit-tests.sh

@@ -10,20 +10,13 @@ main() {
   root_dir=$(dirname "$(cd -P -- "$(dirname "$0")" && pwd -P)")
   local template_dir="$root_dir"/deployment
   local source_dir="$root_dir"/source
-  local venv="$root_dir"/.venv
 
-  [[ ! -d "$venv" ]] && python3 -m venv "$venv"
-  source "$venv"/bin/activate
-  unset AWS_PROFILE
-  python3 -m pip install --upgrade pip setuptools wheel
-
-  local requirements_files=(
-    "$source_dir"/testing_requirements.txt
-  )
-
-  for requirements_file in "${requirements_files[@]}"; do
-    python3 -m pip install -r "$requirements_file"
-  done
+  echo "Installing python packages including development dependencies"
+  cd "$source_dir"
+  "$POETRY_HOME"/bin/poetry install --with dev
+  
+  # Activate the virtual environment.
+  source $("$POETRY_HOME"/bin/poetry env info --path)/bin/activate
 
   local coverage_dir="$template_dir"/test/coverage-reports
   rm -rf "$coverage_dir"
@@ -53,6 +46,7 @@ main() {
   npm install
   npm run test
 
+  # Deactivate the virtual environment
   deactivate
 }
 

source/Dockerfile

@@ -1,10 +1,24 @@
 FROM public.ecr.aws/docker/library/python:3.12.7-slim-bookworm
-COPY workspaces_app /workspaces_app
 
-WORKDIR /workspaces_app
+# Set up a non-root user
 RUN adduser -uid 1001 nonroot
+
+# Set the working directory
+WORKDIR /workspaces_app
+
+# Copy only the files needed to install dependencies
+COPY pyproject.toml poetry.lock ./
+
+# Install poetry and dependencies
+RUN pip install poetry && \
+    poetry config virtualenvs.create false && \
+    poetry install --only main --no-root
+
+# Copy the rest of the application code
+COPY workspaces_app ./workspaces_app
+
+# Switch to non-root user
 USER nonroot
 
-RUN pip install -r ./setup_requirements.txt
-RUN pip install -r ./requirements.txt
-CMD python3 ./main.py
+# Run the application
+CMD ["python", "./workspaces_app/main.py"]

source/lambda/requirements.txt

@@ -1,6 +1,6 @@
 {
   "name": "cost-optimizer-for-amazon-workspaces",
-  "version": "2.7.3",
+  "version": "2.7.4",
   "description": "Cost Optimizer for Amazon Workspaces (SO0018)",
   "license": "Apache-2.0",
   "repository": {
@@ -18,10 +18,10 @@
     "test": "jest --coverage",
     "license-report": "license-report --output=csv --delimiter=' under ' --fields=name --fields=licenseType",
     "cdk": "cdk",
-    "bootstrap": "SOLUTION_VERSION=v2.7.3 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk bootstrap",
-    "deploy": "SOLUTION_VERSION=v2.7.3 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces",
-    "deploySpoke": "SOLUTION_VERSION=v2.7.3 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces-spoke",
-    "synth": "SOLUTION_VERSION=v2.7.3 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces DIST_OUTPUT_BUCKET=solutions-reference cdk synth"
+    "bootstrap": "SOLUTION_VERSION=v2.7.4 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk bootstrap",
+    "deploy": "SOLUTION_VERSION=v2.7.4 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces",
+    "deploySpoke": "SOLUTION_VERSION=v2.7.4 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces-spoke",
+    "synth": "SOLUTION_VERSION=v2.7.4 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces DIST_OUTPUT_BUCKET=solutions-reference cdk synth"
   },
   "devDependencies": {
     "@aws-cdk/assert": "2.68.0",