Adopt mypy (#6821)

.github/workflows/ci.yml

@@ -138,13 +138,12 @@ jobs:
           cache: 'pip'
           cache-dependency-path: 'requirements.dev.txt'
 
-      - uses: 'github/codeql-action/init@v2'
+      - uses: 'github/codeql-action/init@v3'
         with:
           languages: '${{ matrix.language }}'
-          setup-python-dependencies: false
           config-file: './.github/codeql/codeql-config.yml'
           queries: 'security-and-quality'
 
-      - uses: 'github/codeql-action/analyze@v2'
+      - uses: 'github/codeql-action/analyze@v3'
         with:
           category: '/language:${{matrix.language}}'

.mypy.ini

@@ -11,12 +11,24 @@ modules =
     azul.azulclient,
     azul.bytes,
     azul.caching,
-    azul.chalice
+    azul.chalice,
+    azul.bigquery,
+    azul.bigquery_reservation,
+    azul.csp,
+    azul.deployment,
+    azul.strings,
+    azul.logging,
+    azul,
+    azul.docker
 packages =
     azul.openapi
 
 [mypy-furl.*]
 follow_untyped_imports = True
 
 [mypy-requests.*]
-follow_untyped_imports = True
+follow_untyped_imports = True
+
+[mypy-docker.*]
+; https://github.com/python/typeshed/issues/13439
+follow_untyped_imports = True

CONTRIBUTING.rst

@@ -397,10 +397,12 @@ Ordering artifacts in the source
 Disabling sections of code
 --------------------------
 
-* To temporarily disable a section of code, we embed it in a conditional
-  statement with an test that always evaluates to false (``if False:`` in
-  Python) instead of commenting that section out. We do this to keep the code
-  subject to refactorings and code inspection tools.
+* We do not comment out sections of code. To temporarily disable some section of
+  code, we embed it in a conditional statement with a test that always evaluates
+  to ``False``. We do this to keep the code subject to refactorings and type
+  checkers. We use ``azul.false()`` instead of just the ``False`` literal, in
+  order to avoid the detection of unreachable code during static analysis by
+  PyCharm and CodeQL.
 
 Control flow
 ------------

lambdas/indexer/app.py

@@ -53,7 +53,7 @@
         # changes and reset the minor version to zero. Otherwise, increment only
         # the minor version for backwards compatible changes. A backwards
         # compatible change is one that does not require updates to clients.
-        'version': '3.1',
+        'version': '3.2',
         'description': fd('''
             This is the internal API for Azul's indexer component.
         ''')

lambdas/indexer/openapi.json

@@ -2,7 +2,7 @@
     "openapi": "3.0.1",
     "info": {
         "title": "azul-indexer-dev",
-        "version": "3.1",
+        "version": "3.2",
         "description": "\nThis is the internal API for Azul's indexer component.\n\n\n## Contact us\n\nFor technical support please file an issue at\n[GitHub](https://github.com/DataBiosphere/azul/issues) or email\n`[email protected]`. To report a security concern or misconduct please email\n`[email protected]`.\n"
     },
     "paths": {
@@ -176,43 +176,10 @@
                                                 "dirty"
                                             ],
                                             "additionalProperties": false
-                                        },
-                                        "changes": {
-                                            "type": "array",
-                                            "items": {
-                                                "type": "object",
-                                                "properties": {
-                                                    "title": {
-                                                        "type": "string"
-                                                    },
-                                                    "issues": {
-                                                        "type": "array",
-                                                        "items": {
-                                                            "type": "string"
-                                                        }
-                                                    },
-                                                    "upgrade": {
-                                                        "type": "array",
-                                                        "items": {
-                                                            "type": "string"
-                                                        }
-                                                    },
-                                                    "notes": {
-                                                        "type": "string"
-                                                    }
-                                                },
-                                                "required": [
-                                                    "title",
-                                                    "issues",
-                                                    "upgrade"
-                                                ],
-                                                "additionalProperties": false
-                                            }
                                         }
                                     },
                                     "required": [
-                                        "git",
-                                        "changes"
+                                        "git"
                                     ],
                                     "additionalProperties": false
                                 }

lambdas/lambdas.mk

@@ -53,7 +53,6 @@ clean: git_clean_recursive
 
 .PHONY: package
 package: check_branch check_python check_aws config environ compile
-	python -m azul.changelog vendor
 	chalice package --stage $(AZUL_DEPLOYMENT_STAGE) --pkg-format terraform .chalice/terraform
 
 .PHONY: openapi

lambdas/service/app.py

@@ -39,6 +39,7 @@
 
 from azul import (
     CatalogName,
+    R,
     RequirementError,
     cache,
     cached_property,
@@ -135,7 +136,7 @@
         # changes and reset the minor version to zero. Otherwise, increment only
         # the minor version for backwards compatible changes. A backwards
         # compatible change is one that does not require updates to clients.
-        'version': '12.1',
+        'version': '12.2',
         'description': fd(f'''
             # Overview
 
@@ -414,8 +415,11 @@ def get_pagination(self, entity_type: str) -> Pagination:
                                    search_before=sb,
                                    search_after=sa,
                                    self_url=self.self_url)
-        except RequirementError as e:
-            raise ChaliceViewError(repr(e.args))
+        except AssertionError as e:
+            if R.caused(e):
+                raise ChaliceViewError(repr(e.args))
+            else:
+                raise
 
     def file_url(self,
                  *,
@@ -533,8 +537,11 @@ def validate_entity_type(entity_type: str):
 def validate_catalog(catalog):
     try:
         config.Catalog.validate_name(catalog)
-    except RequirementError as e:
-        raise BRE(e)
+    except AssertionError as e:
+        if R.caused(e):
+            raise BRE(e)
+        else:
+            raise
     else:
         if catalog not in config.catalogs:
             raise NotFoundError(f'Catalog name {catalog!r} does not exist. '
@@ -602,9 +609,12 @@ def validate_filters(filters):
                               f'parameter entry for `{field}` is not a single-item list')
                 try:
                     require(isinstance(nested, dict))
-                except RequirementError:
-                    raise BRE(f'The value of the `is` relation in the `filters` '
-                              f'parameter entry for `{field}` must contain a dictionary')
+                except AssertionError as e:
+                    if R.caused(e):
+                        raise BRE(f'The value of the `is` relation in the `filters` '
+                                  f'parameter entry for `{field}` must contain a dictionary')
+                    else:
+                        raise
                 extra_props = nested.keys() - field_type.properties.keys()
                 if extra_props:
                     raise BRE(f'The value of the `is` relation in the `filters` '
@@ -615,8 +625,11 @@ def validate_organism_age_filter(values):
     for value in values:
         try:
             value_and_unit.to_index(value)
-        except RequirementError as e:
-            raise BRE(e)
+        except AssertionError as e:
+            if R.caused(e):
+                raise BRE(e)
+            else:
+                raise
 
 
 def validate_field(field: str, *, include_synthetic: bool = False):

lambdas/service/openapi.json

@@ -2,7 +2,7 @@
     "openapi": "3.0.1",
     "info": {
         "title": "azul-service-dev",
-        "version": "12.1",
+        "version": "12.2",
         "description": "\n# Overview\n\nAzul is a REST web service for querying metadata associated with\nboth experimental and analysis data from a data repository. In order\nto deliver response times that make it suitable for interactive use\ncases, the set of metadata properties that it exposes for sorting,\nfiltering, and aggregation is limited. Azul provides a uniform view\nof the metadata over a range of diverse schemas, effectively\nshielding clients from changes in the schemas as they occur over\ntime. It does so, however, at the expense of detail in the set of\nmetadata properties it exposes and in the accuracy with which it\naggregates them.\n\nAzul denormalizes and aggregates metadata into several different\nindices for selected entity types. Metadata entities can be queried\nusing the [Index](#operations-tag-Index) endpoints.\n\nA set of indices forms a catalog. There is a default catalog called\n`dcp2` which will be used unless a\ndifferent catalog name is specified using the `catalog` query\nparameter. Metadata from different catalogs is completely\nindependent: a response obtained by querying one catalog does not\nnecessarily correlate to a response obtained by querying another\none. Two catalogs can contain metadata from the same sources or\ndifferent sources. It is only guaranteed that the body of a\nresponse by any given endpoint adheres to one schema,\nindependently of which catalog was specified in the request.\n\nAzul provides the ability to download data and metadata via the\n[Manifests](#operations-tag-Manifests) endpoints. The\n`curl` format manifests can be used to\ndownload data files. Other formats provide various views of the\nmetadata. Manifests can be generated for a selection of files using\nfilters. These filters are interchangeable with the filters used by\nthe [Index](#operations-tag-Index) endpoints.\n\nAzul also provides a [summary](#operations-Index-get_index_summary)\nview of indexed data.\n\n## Data model\n\nAny index, when queried, returns a JSON array of hits. Each hit\nrepresents a metadata entity. Nested in each hit is a summary of the\nproperties of entities associated with the hit. An entity is\nassociated either by a direct edge in the original metadata graph,\nor indirectly as a series of edges. The nested properties are\ngrouped by the type of the associated entity. The properties of all\ndata files associated with a particular sample, for example, are\nlisted under `hits[*].files` in a `/index/samples` response. It is\nimportant to note that while each _hit_ represents a discrete\nentity, the properties nested within that hit are the result of an\naggregation over potentially many associated entities.\n\nTo illustrate this, consider a data file that is part of two\nprojects (a project is a group of related experiments, typically by\none laboratory, institution or consortium). Querying the `files`\nindex for this file yields a hit looking something like:\n\n```\n{\n    \"projects\": [\n        {\n            \"projectTitle\": \"Project One\"\n            \"laboratory\": ...,\n            ...\n        },\n        {\n            \"projectTitle\": \"Project Two\"\n            \"laboratory\": ...,\n            ...\n        }\n    ],\n    \"files\": [\n        {\n            \"format\": \"pdf\",\n            \"name\": \"Team description.pdf\",\n            ...\n        }\n    ]\n}\n```\n\nThis example hit contains two kinds of nested entities (a hit in an\nactual Azul response will contain more): There are the two projects\nentities, and the file itself. These nested entities contain\nselected metadata properties extracted in a consistent way. This\nmakes filtering and sorting simple.\n\nAlso notice that there is only one file. When querying a particular\nindex, the corresponding entity will always be a singleton like\nthis.\n\n\n## Contact us\n\nFor technical support please file an issue at\n[GitHub](https://github.com/DataBiosphere/azul/issues) or email\n`[email protected]`. To report a security concern or misconduct please email\n`[email protected]`.\n"
     },
     "tags": [
@@ -194,43 +194,10 @@
                                                 "dirty"
                                             ],
                                             "additionalProperties": false
-                                        },
-                                        "changes": {
-                                            "type": "array",
-                                            "items": {
-                                                "type": "object",
-                                                "properties": {
-                                                    "title": {
-                                                        "type": "string"
-                                                    },
-                                                    "issues": {
-                                                        "type": "array",
-                                                        "items": {
-                                                            "type": "string"
-                                                        }
-                                                    },
-                                                    "upgrade": {
-                                                        "type": "array",
-                                                        "items": {
-                                                            "type": "string"
-                                                        }
-                                                    },
-                                                    "notes": {
-                                                        "type": "string"
-                                                    }
-                                                },
-                                                "required": [
-                                                    "title",
-                                                    "issues",
-                                                    "upgrade"
-                                                ],
-                                                "additionalProperties": false
-                                            }
                                         }
                                     },
                                     "required": [
-                                        "git",
-                                        "changes"
+                                        "git"
                                     ],
                                     "additionalProperties": false
                                 }

requirements.all.txt

@@ -8,9 +8,9 @@ bdbag==1.7.3
 blessed==1.20.0
 blinker==1.9.0
 boto3==1.36.3
-boto3-stubs==1.36.3
+boto3-stubs-lite==1.36.3
 botocore==1.36.3
-botocore-stubs==1.36.4
+botocore-stubs==1.36.7
 brotli==1.1.0
 cachetools==5.5.1
 certifi==2024.12.14
@@ -52,7 +52,7 @@ google-crc32c==1.6.0
 google-resumable-media==2.7.2
 googleapis-common-protos==1.66.0
 greenlet==3.1.1
-grpcio==1.69.0
+grpcio==1.70.0
 grpcio-status==1.62.3
 http-message-signatures==0.5.0
 http_sfv==0.9.9
@@ -64,7 +64,7 @@ jinja2==3.1.5
 jmespath==1.0.1
 jq==1.8.0
 jsonschema==4.23.0
-jsonschema-path==0.3.3
+jsonschema-path==0.3.4
 jsonschema-specifications==2024.10.1
 lazy-object-proxy==1.10.0
 locust==2.32.6
@@ -74,14 +74,23 @@ more-itertools==10.6.0
 moto==5.0.27
 msgpack==1.1.0
 mypy==1.14.1
+mypy-boto3-apigateway==1.36.0
+mypy-boto3-cloudwatch==1.36.0
 mypy-boto3-dynamodb==1.36.0
+mypy-boto3-ec2==1.36.5
 mypy-boto3-ecr==1.36.0
+mypy-boto3-es==1.36.0
 mypy-boto3-iam==1.36.0
 mypy-boto3-kms==1.36.0
 mypy-boto3-lambda==1.36.0
 mypy-boto3-s3==1.36.0
+mypy-boto3-secretsmanager==1.36.0
+mypy-boto3-securityhub==1.36.0
+mypy-boto3-sns==1.36.3
 mypy-boto3-sqs==1.36.0
+mypy-boto3-ssm==1.36.6
 mypy-boto3-stepfunctions==1.36.0
+mypy-boto3-sts==1.36.0
 mypy-extensions==1.0.0
 openapi-schema-validator==0.6.3
 openapi-spec-validator==0.7.1
@@ -91,8 +100,8 @@ packaging==24.2
 pathable==0.4.4
 pip==24.3.1
 posix_ipc==1.1.1
-proto-plus==1.25.0
-protobuf==4.25.5
+proto-plus==1.26.0
+protobuf==4.25.6
 psutil==6.1.1
 py-partiql-parser==0.6.1
 pyasn1==0.6.1
@@ -112,7 +121,7 @@ pytz==2024.2
 pyyaml==6.0.2
 pyzmq==26.2.0
 readchar==4.2.1
-referencing==0.35.1
+referencing==0.36.2
 requests==2.32.3
 requests-toolbelt==1.0.0
 requirements-parser==0.2.0+1
@@ -121,16 +130,16 @@ rfc3339-validator==0.1.4
 rpds-py==0.22.3
 rsa==4.7.2
 runs==1.2.2
-s3transfer==0.11.1
+s3transfer==0.11.2
 setuptools==75.6.0
 setuptools-scm==5.0.2
 six==1.17.0
 smmap==5.0.2
 strict-rfc3339==0.7
 tqdm==4.67.1
-types-awscrt==0.23.6
+types-awscrt==0.23.8
 types-chevron==0.14.2
-types-s3transfer==0.11.1
+types-s3transfer==0.11.2
 types-urllib3==1.26.20
 typing_extensions==4.12.2
 tzlocal==5.2