Release v9.3.0

.github/workflows/changelog.yml

@@ -13,4 +13,4 @@
 
 jobs:
   call-changelog-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.15.0

.github/workflows/create-jira-issue.yml

@@ -6,10 +6,10 @@
 
 jobs:
   call-create-jira-issue-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-create-jira-issue.yml@v0.15.0
     secrets:
       JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
       JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
       JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
       JIRA_PROJECT: ${{ secrets.JIRA_PROJECT }}
       JIRA_FIELDS: ${{ secrets.JIRA_FIELDS }}

.github/workflows/deploy-daac.yml

@@ -112,6 +112,6 @@ jobs:
   call-bump-version-workflow:
     if: github.ref == 'refs/heads/main'
     needs: deploy
-    uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-bump-version.yml@v0.15.0
     secrets:
       USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

.github/workflows/deploy-opera-disp-sandbox.yml

@@ -0,0 +1,80 @@
+name: Deploy OPERA-DISP Sandbox Stack to AWS
+
+on:
+  push:
+    branches:
+      - develop
+
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - environment: hyp3-opera-disp-sandbox
+            domain: hyp3-opera-disp-sandbox.asf.alaska.edu
+            template_bucket: cf-templates-1hz9ldhhl4ahu-us-west-2
+            image_tag: test
+            product_lifetime_in_days: 14
+            default_credits_per_user: 0
+            default_application_status: APPROVED
+            cost_profile: DEFAULT
+            deploy_ref: refs/heads/develop
+            job_files: >-
+              job_spec/OPERA_DISP_TMS.yml
+            instance_types: r6id.xlarge,r6id.2xlarge,r6id.4xlarge,r6id.8xlarge,r6idn.xlarge,r6idn.2xlarge,r6idn.4xlarge,r6idn.8xlarge
+            default_max_vcpus: 640
+            expanded_max_vcpus: 640
+            required_surplus: 0
+            security_environment: ASF
+            ami_id: /aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id
+            distribution_url: ''
+
+    environment:
+      name: ${{ matrix.environment }}
+      url: https://${{ matrix.domain }}
+
+    steps:
+      - uses: actions/[email protected]
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.V2_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.V2_AWS_SECRET_ACCESS_KEY }}
+          aws-session-token: ${{ secrets.V2_AWS_SESSION_TOKEN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.13
+
+      - uses: ./.github/actions/deploy-hyp3
+        with:
+          TEMPLATE_BUCKET:  ${{ matrix.template_bucket }}
+          STACK_NAME: ${{ matrix.environment }}
+          DOMAIN_NAME: ${{ matrix.domain }}
+          API_NAME: ${{ matrix.environment }}
+          CERTIFICATE_ARN:  ${{ secrets.CERTIFICATE_ARN }}
+          IMAGE_TAG: ${{ matrix.image_tag }}
+          PRODUCT_LIFETIME: ${{ matrix.product_lifetime_in_days }}
+          VPC_ID: ${{ secrets.VPC_ID }}
+          SUBNET_IDS: ${{ secrets.SUBNET_IDS }}
+          SECRET_ARN: ${{ secrets.SECRET_ARN }}
+          CLOUDFORMATION_ROLE_ARN: ${{ secrets.CLOUDFORMATION_ROLE_ARN }}
+          DEFAULT_CREDITS_PER_USER: ${{ matrix.default_credits_per_user }}
+          DEFAULT_APPLICATION_STATUS: ${{ matrix.default_application_status }}
+          COST_PROFILE: ${{ matrix.cost_profile }}
+          JOB_FILES: ${{ matrix.job_files }}
+          DEFAULT_MAX_VCPUS: ${{ matrix.default_max_vcpus }}
+          EXPANDED_MAX_VCPUS: ${{ matrix.expanded_max_vcpus }}
+          MONTHLY_BUDGET: ${{ secrets.MONTHLY_BUDGET }}
+          REQUIRED_SURPLUS: ${{ matrix.required_surplus }}
+          ORIGIN_ACCESS_IDENTITY_ID: ${{ secrets.ORIGIN_ACCESS_IDENTITY_ID }}
+          SECURITY_ENVIRONMENT: ${{ matrix.security_environment }}
+          AMI_ID: ${{ matrix.ami_id }}
+          INSTANCE_TYPES: ${{ matrix.instance_types }}
+          DISTRIBUTION_URL: ${{ matrix.distribution_url }}
+          AUTH_PUBLIC_KEY: ${{ secrets.AUTH_PUBLIC_KEY }}

.github/workflows/labeled-pr.yml

@@ -12,4 +12,4 @@
 
 jobs:
   call-labeled-pr-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.15.0

.github/workflows/release-template-comment.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   call-release-checklist-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-release-checklist-comment.yml@v0.15.0
     permissions:
       pull-requests: write
     with:

.github/workflows/release.yml

@@ -7,8 +7,8 @@
 
 jobs:
   call-release-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-release.yml@v0.15.0
     with:
       release_prefix: HyP3
     secrets:
       USER_TOKEN: ${{ secrets.TOOLS_BOT_PAK }}

.github/workflows/static-analysis.yml

@@ -8,10 +8,10 @@ on: push
 jobs:
   call-ruff-workflow:
     # Docs: https://github.com/ASFHyP3/actions
-    uses: ASFHyP3/actions/.github/workflows/reusable-ruff.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-ruff.yml@v0.15.0
 
   call-mypy-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-mypy.yml@v0.14.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-mypy.yml@v0.15.0
 
   cfn-lint:
     runs-on: ubuntu-latest
@@ -84,4 +84,4 @@ jobs:
           snyk iac test --severity-threshold=high
 
   call-secrets-analysis-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.13.2
+    uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.15.0

CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [9.3.0]
+
+### Added
+- Added `velocity` option for the `tile_type` parameter of `OPERA_DISP_TMS` jobs
+- Restored previously deleted `hyp3-opera-disp-sandbox` deployment
+- Added validator to check that bounds provided do not exceed maximum size for SRG jobs
+
+### Removed
+- Removed default bounds option for SRG jobs
+
 ## [9.2.0]
 
 ### Added
@@ -345,7 +355,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 ### Changed
 - Update `INSAR_ISCE` and `INSAR_ISCE_TEST` job spec for GUNW version 3+ standard and custom products
   - `frame_id` is now a required parameter and has no default
-  - `compute_solid_earth_tide` and `estimate_ionosphere_delay` now default to `true` 
+  - `compute_solid_earth_tide` and `estimate_ionosphere_delay` now default to `true`
   - `INSAR_ISCE_TEST` exposes custom `goldstein_filter_power`, `output_resolution`, `dense_offsets`, and `unfiltered_coherence` parameters
 
 ## [4.4.1]
@@ -427,7 +437,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 ## [3.10.8]
 ### Changed
 - HyP3 deployments at JPL now use On Demand instances instead of Spot instances to prevent `INSAR_ISCE` jobs from being interrupted.
-  This *should* be a temporary change. 
+  This *should* be a temporary change.
 
 ## [3.10.7]
 ### Changed
@@ -571,7 +581,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 ## [3.2.0]
 ### Added
 - [`job_spec`s](job_spec/) can now specify a required set of secrets and an AWS Secrets Manage Secret ARN to pull the
-  secret values from. Notably, secrets are now externally managed and not part of the HyP3 stack.  
+  secret values from. Notably, secrets are now externally managed and not part of the HyP3 stack.
 
 ## [3.1.2]
 ### Added
@@ -596,13 +606,13 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 - The `flood_depth_estimator` parameter for `WATER_MAP` jobs is now restricted to a set of possible values.
 - Changed the default value for the `flood_depth_estimator` parameter for `WATER_MAP` jobs from `iterative` to `None`.
   A value of `None` indicates that a flood map will not be included.
-- Reduced `ITS_LIVE` product lifetime cycle from 180 days to 45 days. 
+- Reduced `ITS_LIVE` product lifetime cycle from 180 days to 45 days.
 ### Removed
 - Removed the `include_flood_depth` parameter for `WATER_MAP` jobs.
 
 ## [2.25.0]
 ### Added
-- `INSAR_ISCE` and `INSAR_ISCE_TEST` jobs now accept a `weather_model` parameter to specify which weather model to use 
+- `INSAR_ISCE` and `INSAR_ISCE_TEST` jobs now accept a `weather_model` parameter to specify which weather model to use
    when estimating trophospheric delay data.
 - Increases the memory available to `AUTORIFT` jobs for Landsat pairs
 
@@ -642,7 +652,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 
 ## [2.21.8]
 ### Changed
-- AUTORIFT jobs for Sentinel-2 scenes can now only be submitted using ESA naming convention. 
+- AUTORIFT jobs for Sentinel-2 scenes can now only be submitted using ESA naming convention.
 
 ## [2.21.7]
 ### Changed
@@ -701,7 +711,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 
 ## [2.19.4]
 ### Changed
-- `scale-cluster` now adjusts the compute environment size based on total month-to-date spending, rather than only EC2 
+- `scale-cluster` now adjusts the compute environment size based on total month-to-date spending, rather than only EC2
   spending.
 
 ## [2.19.3]
@@ -865,7 +875,7 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
   - `ASF` (default) -- AWS accounts managed by the Alaska Satellite Facility
   - `EDC` -- AWS accounts managed by the NASA Earthdata CLoud
   - `JPL` -- AWS accounts managed by the NASA Jet Propulsion Laboratory
-- A `security_environment` Make variable used by the `render` target (and any target that depends on `render`). 
+- A `security_environment` Make variable used by the `render` target (and any target that depends on `render`).
   Use like `make security_environment=ASF build`
 
 ### Changed
@@ -936,10 +946,10 @@ HyP3's monthly quota system has been replaced by a credits system. Previously, H
 
 ## [2.6.2](https://github.com/ASFHyP3/hyp3/compare/v2.6.1...v2.6.2)
 ### Added
-- New `AmiId` stack parameter to specify a specific AMI for the AWS Batch compute environment 
+- New `AmiId` stack parameter to specify a specific AMI for the AWS Batch compute environment
 
 ### Changed
-- `job_spec/*.yml` files are now explicitly selected allowing per-deployment job customization 
+- `job_spec/*.yml` files are now explicitly selected allowing per-deployment job customization
 
 ### Removed
 - `AutoriftImage`, `AutoriftNamingScheme`, and `AutoriftParameterFile` CloudFormation stack parameters
@@ -994,7 +1004,7 @@ to the database but still validate it.
   - `name` gets only subscriptions with the given name
   - `job_type` gets only subscriptions with the given job type
   - `enabled` gets only subscriptions where `enabled` matches
-- subscriptions now include `creation_date` which indicates date and time of subscription creation, responses from 
+- subscriptions now include `creation_date` which indicates date and time of subscription creation, responses from
 `GET /subscriptions` are sorted by `creation_date` decending
 
 
@@ -1033,7 +1043,7 @@ to the database but still validate it.
 - `lib/dynamo` library to allow sharing common code among different apps.
 
 ## Changed
-- `POST /jobs` responses no longer include the `job_id`, `request_time`, `status_code`, or `user_id` fields when `validate_only=true` 
+- `POST /jobs` responses no longer include the `job_id`, `request_time`, `status_code`, or `user_id` fields when `validate_only=true`
 - moved dynamodb functionality from `hyp3_api/dynamo` to `lib/dynamo`
 - moved job creation buisness logic from `hyp3_api/handlers` to `lib/dynamo`
 

CODE_OF_CONDUCT.md

@@ -3,14 +3,10 @@
 ## Our Pledge
 
 We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
+community a harassment-free experience for everyone.
 
 We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
+and healthy community.
 
 ## Our Standards