name: Feature Branch

on:

workflow_dispatch:

push:

branches:

- feature/*

- fix/*

jobs:

build:

runs-on: ubuntu-latest

permissions:

id-token: write

contents: read

steps:

- name: Setup job workspace

uses: ServerlessOpsIO/gha-setup-workspace@v1

- name: Setup Python environment

uses: ServerlessOpsIO/gha-setup-python@v1

with:

python_version: '3.13'

- name: Run tests

run: pipenv run test-unit

- name: Assume AWS credentials

uses: ServerlessOpsIO/gha-assume-aws-credentials@v1

with:

build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}

- name: Install AWS SAM

uses: aws-actions/setup-sam@v2

- name: Validate template

run: sam validate --lint

- name: Build deployment artifact

run: sam build

- name: Store artifacts

uses: ServerlessOpsIO/gha-store-artifacts@v1

with:

use_aws_sam: true

deploy:

needs:

- build

environment: production

runs-on: ubuntu-latest

permissions:

id-token: write

contents: read

steps:

- name: Setup job workspace

uses: ServerlessOpsIO/gha-setup-workspace@v1

with:

checkout_artifact: true

- name: Assume AWS credentials

uses: ServerlessOpsIO/gha-assume-aws-credentials@v1

with:

build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}

deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}

- name: Deploy via AWS SAM

uses: ServerlessOpsIO/gha-deploy-aws-sam@v1

with:

aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}

env_json: ${{ toJson(env) }}

vars_json: ${{ toJson(vars) }}

secrets_json: ${{ toJson(secrets) }}

name: Main

on:

workflow_dispatch:

push:

branches:

- main

jobs:

build:

runs-on: ubuntu-latest

permissions:

id-token: write

contents: read

steps:

- name: Setup job workspace

uses: ServerlessOpsIO/gha-setup-workspace@v1

- name: Setup Python environment

uses: ServerlessOpsIO/gha-setup-python@v1

with:

python_version: '3.13'

- name: Run tests

run: pipenv run test-unit

- name: Assume AWS credentials

uses: ServerlessOpsIO/gha-assume-aws-credentials@v1

with:

build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}

- name: Install AWS SAM

uses: aws-actions/setup-sam@v2

- name: Validate template

run: sam validate --lint

- name: Build deployment artifact

run: sam build

- name: Store artifacts

uses: ServerlessOpsIO/gha-store-artifacts@v1

with:

use_aws_sam: true

deploy:

needs:

- build

environment: production

runs-on: ubuntu-latest

permissions:

id-token: write

contents: read

steps:

- name: Setup job workspace

uses: ServerlessOpsIO/gha-setup-workspace@v1

with:

checkout_artifact: true

- name: Assume AWS credentials

uses: ServerlessOpsIO/gha-assume-aws-credentials@v1

with:

build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}

deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}

- name: Deploy via AWS SAM

uses: ServerlessOpsIO/gha-deploy-aws-sam@v1

with:

aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}

env_json: ${{ toJson(env) }}

vars_json: ${{ toJson(vars) }}

secrets_json: ${{ toJson(secrets) }}

__pycache__/

*.py[cod]

build/

develop-eggs/

dist/

downloads/

eggs/

.eggs/

lib/

lib64/

parts/

sdist/

var/

wheels/

*.egg-info/

htmlcov/

.tox/

.hypothesis/

.pytest_cache/

.mypy_cache/

env/

venv/

ENV/

env.bak/

venv.bak/

.settings/

.vscode/

.idea/

!.vscode/launch.json

!.vscode/tasks.json

.aws-sam/

[[source]]

name = "pypi"

url = "https://pypi.org/simple"

verify_ssl = true

[requires]

python_version = "3.13"

[packages]

common = {editable = true, path = "src/common"}

aws-lambda-powertools = "*"

[dev-packages]

boto3-stubs = { extras = ["apigateway", "dynamodb" ], version = "*"}

cfn-lint = "*"

flake8 = "*"

genson = "*"

jsonschema = "*"

json2python-models = "*"

moto = {extras = ["apigateway", "dynamodb"], version = "*"}

mypy = "*"

pylint = "*"

pytest = "*"

pytest-cov = "*"

pytest-flake8 = "*"

pytest-mock = "*"

pytest-mypy = "*"

pytest-pylint = "*"

tox = "*"

[scripts]

test = "pytest -vv --cov src --cov-report term-missing --cov-fail-under 95 tests"

test-unit = "pytest -vv --cov src --cov-report term-missing --cov-fail-under 95 tests/unit"

test-int = "pytest -vv --cov src --cov-report term-missing --cov-fail-under 95 tests/integration"

test-ete = "pytest -vv --cov src --cov-report term-missing --cov-fail-under 95 tests/ete"

flake8 = "pytest -vv --flake8"

pylint = "pytest -vv --pylint"

mypy = "pytest -vv --mypy"

test test

The full API can be found in the [OpenAPI document](./openapi.yaml).

This is an AWS serverless CRUD API backend service. It is built on top of the following AWS services:

* API Gateway

* Lambda

* DynamoDB

* Cognito (See _Getting Started / API / Authentication and Authorization_ for more)

This repository was generated from a template intended to get a new API up and running quickly. This section will cover different aspects of the newly created project as well as areas that may need to be modified to meet the specific needs of a new project.

The database is a DDB table with a primary key composed of a partition key and sort key to form a composite primark key. Both usage of a composite primary key and generically named partition and sort keys were chosen to allow for a variety of different data types to be stored in the table. These keys are:

* Partition Key: `pk`

* Sort Key: `sk`

The starter code assumes the values of _pk_ and _sk_ are the same value and their value is the same as the API's `id` path parameter. When creating new resources the starter code will dynamically create a UUID as the value for `pk` and `sk`.

If you expect to have multiple types of data stored in the same table you should consider using compound key values for _pk_ and _sk_. These are keys where the values are prefixed with a string indicating the data type. For example, prefixing the value with the collection name. eg. _things#1234_. See the _Code_ section for more information on implimenting this.

When starting a new project the first place to start with adapting the code to meet the needs of a new project is the [`src/common/common/model/things.py`](src/common/common/model/things.py) file. This file contains interfaces for data and DDB table items.

Start by modifying the dataclasses to match the shape of your data. Optionally you can choose to replace that interface with one from another module if you're working with a pre-existing data model. The existing interface definition was chosen simply to make the project work out of the box.

Next, modify the `createKeys()` and `getKeys()` functions as necessary. These functions exist to make working with keys consistent across Lambda functions. If you want to prepend a data type to key values as mentioned in the _Database_ section you can do so here.

This projects provides and OpenAPI document that defines the API. This document is located at [openapi.yaml](./openapi.yaml). This document besides defining the API is also used by the AWS SAM IaC to define the API Gateway resources.

This service is configured to use a pre-existing Cognito User Pool. Clients should obtain a JWT from the Cognito token endpoint using the client's clientId and clientSecret. Each endpoint's scope requirements are defined in the [OpenAPI document](./openapi.yaml).

---

apiVersion: backstage.io/v1alpha1

kind: Component

metadata:

name: test-api

description: test test

annotations:

github.com/project-slug: ServerlessOpsIO/test-api

spec:

type: api

lifecycle: production

owner: group:backstage

system: system:backstage

providesApis:

- resource:test-api

---

apiVersion: backstage.io/v1alpha1

kind: API

metadata:

name: test-api

description: |

spec:

type: openapi

system: system:backstage

lifecycle: production

owner: group:backstage

definition:

$text: https://github.com/ServerlessOpsIO/test-api/blob/main/openapi.yaml

{

"Hostname": "api.something.sevrerlessops.io",

"DnsZoneId": "/org/dns/ZoneId",

"CognitoUserPoolArn": $secrets.COGNITO_USER_POOL_ARN,

"Domain": "devtools",

"System": "backstage",

"Component": $env.GITHUB_REPOSITORY_NAME_PART_SLUG_CS,

"CodeBranch": $env.GITHUB_REF_SLUG_CS

}

{

"org:domain": "devtools",

"org:system": "backstage",

"org:component": $env.GITHUB_REPOSITORY_NAME_PART_SLUG_CS

}