From 5791d353c8c7dad3a6d90fb82f9e7ef241affa72 Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Tue, 25 Jul 2023 14:39:50 +0200 Subject: [PATCH 01/11] fix(parameters): make cache aware of single vs multiple calls Signed-off-by: heitorlessa --- aws_lambda_powertools/utilities/parameters/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_lambda_powertools/utilities/parameters/base.py b/aws_lambda_powertools/utilities/parameters/base.py index 2317ebc82d9..4ee6caa6c2f 100644 --- a/aws_lambda_powertools/utilities/parameters/base.py +++ b/aws_lambda_powertools/utilities/parameters/base.py @@ -28,7 +28,7 @@ from aws_lambda_powertools.shared import constants, user_agent from aws_lambda_powertools.shared.functions import resolve_max_age -from aws_lambda_powertools.utilities.parameters.types import TransformOptions +from aws_lambda_powertools.utilities.parameters.types import RecursiveOptions, TransformOptions from .exceptions import GetParameterError, TransformParameterError From 9d313e0a20adfa9cef9a2d96eb0956498f40c2e3 Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Tue, 25 Jul 2023 15:16:51 +0200 Subject: [PATCH 02/11] chore: cleanup, add test for single and nested Signed-off-by: heitorlessa --- aws_lambda_powertools/utilities/parameters/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_lambda_powertools/utilities/parameters/base.py b/aws_lambda_powertools/utilities/parameters/base.py index 4ee6caa6c2f..2317ebc82d9 100644 --- a/aws_lambda_powertools/utilities/parameters/base.py +++ b/aws_lambda_powertools/utilities/parameters/base.py @@ -28,7 +28,7 @@ from aws_lambda_powertools.shared import constants, user_agent from aws_lambda_powertools.shared.functions import resolve_max_age -from aws_lambda_powertools.utilities.parameters.types import RecursiveOptions, TransformOptions +from aws_lambda_powertools.utilities.parameters.types import TransformOptions from .exceptions import GetParameterError, TransformParameterError 
From 1dd7808c0a214481d88801517db61bc392fdd27b Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Fri, 5 Apr 2024 17:38:04 +0200 Subject: [PATCH 03/11] chore: first experiment with central but private workflow --- .../on_schedule_monthly_roadmap_reminder.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/on_schedule_monthly_roadmap_reminder.yml diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml new file mode 100644 index 00000000000..4956a3ff38f --- /dev/null +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -0,0 +1,20 @@ +name: Monthly roadmap reminder + +on: + workflow_dispatch: +# schedule: +# - cron: '0 0 1 * *' + +permissions: + contents: read + pull-requests: read + issues: read + + +jobs: + call-workflow-passing-data: + uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@fd4575466e5c2ac10703ac16f5aa9fb8890f532a + with: + token: ${{ github.token }} + + From b7fdb4eab182791920317acaa00cab102880d956 Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Fri, 5 Apr 2024 17:42:55 +0200 Subject: [PATCH 04/11] chore: test workflow --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index 4956a3ff38f..bc1bcf78a98 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -1,7 +1,7 @@ name: Monthly roadmap reminder on: - workflow_dispatch: + workflow_dispatch: {} # schedule: # - cron: '0 0 1 * *' From 8a448b670e7ce8e9ae165880659368a8a6f44c99 Mon Sep 17 00:00:00 2001 
From: heitorlessa Date: Fri, 5 Apr 2024 18:13:29 +0200 Subject: [PATCH 05/11] chore(ci): test with branch over sha as it was not found --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index bc1bcf78a98..0dc4aed0979 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -13,7 +13,7 @@ permissions: jobs: call-workflow-passing-data: - uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@fd4575466e5c2ac10703ac16f5aa9fb8890f532a + uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main with: token: ${{ github.token }} From fa299259eeb43867c9ca988ab6336c86e2a6c1ea Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Fri, 5 Apr 2024 18:21:02 +0200 Subject: [PATCH 06/11] chore(ci): use secrets for new workflow_call --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index 0dc4aed0979..a401a2d7ce7 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -14,7 +14,5 @@ permissions: jobs: call-workflow-passing-data: uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main - with: - token: ${{ github.token }} - - + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 9081206be77aa1dff13e0d51b93e4331dada2ba5 Mon Sep 17 00:00:00 2001 
From: heitorlessa Date: Fri, 5 Apr 2024 18:23:00 +0200 Subject: [PATCH 07/11] chore(ci): update named secret input --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index a401a2d7ce7..71f63964f25 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -15,4 +15,4 @@ jobs: call-workflow-passing-data: uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main secrets: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} From aea7de7b55f1d18e89f0bd19fb06742a34e3d8a1 Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Fri, 5 Apr 2024 18:55:45 +0200 Subject: [PATCH 08/11] chore(ci): apply least-privilege permissions at job level --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index 71f63964f25..192a293b022 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -7,12 +7,14 @@ on: permissions: contents: read - pull-requests: read - issues: read jobs: call-workflow-passing-data: + permissions: + contents: read + pull-requests: read + issues: write # create monthly roadmap report uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main secrets: token: ${{ secrets.GITHUB_TOKEN }} From 05693d8bc2b8649d513342e630d1670421b6dffa Mon Sep 17 00:00:00 2001 
From: heitorlessa Date: Fri, 5 Apr 2024 19:39:01 +0200 Subject: [PATCH 09/11] chore(ci): make monthly roadmap reminder workflow immutable for sec --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index 192a293b022..afe99e62edb 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -2,8 +2,8 @@ name: Monthly roadmap reminder on: workflow_dispatch: {} -# schedule: -# - cron: '0 0 1 * *' + schedule: + - cron: '0 0 1 * *' permissions: contents: read @@ -15,6 +15,6 @@ jobs: contents: read pull-requests: read issues: write # create monthly roadmap report - uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main + uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@dd7035996f1813dbc50fe78e523d4c2a074258a9 secrets: token: ${{ secrets.GITHUB_TOKEN }} From ce9b2bdc5ab8eca233996c42197a91ac3e4451ad Mon Sep 17 00:00:00 2001 From: heitorlessa Date: Fri, 5 Apr 2024 19:39:44 +0200 Subject: [PATCH 10/11] chore(ci): add note about cronjob --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index afe99e62edb..ac4ba01ebb3 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -3,7 +3,7 @@ name: Monthly roadmap reminder on: workflow_dispatch: {} schedule: - - cron: '0 0 1 * *' + - cron: '0 0 1 * *' # runs first day of the month permissions: contents: read From e44c20f5541f3e527c566e8e8b5535fb2baaf12a Mon Sep 17 00:00:00 2001 
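Review bot: The new SHA pin on the `uses:` line carries no comment saying which ref it was resolved from, unlike the `# v3.0.3` convention already used in `secure_workflows.yml`, so a later reviewer or an update bot cannot tell whether `dd7035996f1813dbc50fe78e523d4c2a074258a9` is a tagged release or simply the tip of `main` on the day it was taken. Since the commit subject of a later patch says the target repository has no releases yet, the honest annotation is the branch and date, e.g. `uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@dd7035996f1813dbc50fe78e523d4c2a074258a9 # main, pinned 2024-04-05`. The same hunk also enables the cron schedule, so from this commit on the pinned code runs unattended on the first of each month; a note about who re-pins it when the remote moves would make that explicit.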
From: heitorlessa Date: Thu, 2 May 2024 12:59:31 +0200 Subject: [PATCH 11/11] chore: add powertools actions to allow list until releases are done Signed-off-by: heitorlessa --- .github/workflows/on_schedule_monthly_roadmap_reminder.yml | 4 +++- .github/workflows/secure_workflows.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml index ac4ba01ebb3..a274e2dea08 100644 --- a/.github/workflows/on_schedule_monthly_roadmap_reminder.yml +++ b/.github/workflows/on_schedule_monthly_roadmap_reminder.yml @@ -15,6 +15,8 @@ jobs: contents: read pull-requests: read issues: write # create monthly roadmap report - uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@dd7035996f1813dbc50fe78e523d4c2a074258a9 + + # setting to `@main` until we have releases and governance installed + uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main secrets: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/secure_workflows.yml b/.github/workflows/secure_workflows.yml index b1db349d5e8..f815acb6e2d 100644 --- a/.github/workflows/secure_workflows.yml +++ b/.github/workflows/secure_workflows.yml @@ -34,4 +34,6 @@ jobs: - name: Ensure 3rd party workflows have SHA pinned uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # v3.0.3 with: - allowlist: slsa-framework/slsa-github-generator + allowlist: | + slsa-framework/slsa-github-generator + aws-powertools/actions
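Review bot: Switching the reusable-workflow reference back to `@main` means whatever is on the default branch of `aws-powertools/actions` at run time executes with the `issues: write` permission granted at job level a few lines above the change, on a monthly schedule and without any review in this repository; a mistaken or malicious push to that branch could create or edit issues here with this repo's token. The inline comment records the intent but not the exit condition or owner, so the temporary state has nothing driving its removal; keeping the SHA from the previous commit and re-pinning when the remote moves would be the safer default. If staying on `main` is unavoidable while the other repository has no releases, at least record the exit criterion next to it, e.g. `# TODO(heitorlessa): re-pin to a release SHA once aws-powertools/actions publishes tagged releases`.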
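Review bot: Adding `aws-powertools/actions` to the SHA-pinning allowlist exempts every action and reusable workflow under that repository from the check, not only `monthly_roadmap_reminder.yml`, and unlike the existing `slsa-framework/slsa-github-generator` entry the commit message says it is meant to be temporary with nothing in the file tracking that. If the action accepts path-qualified entries, narrow it to `aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml`; I have not confirmed that the allowlist supports more than an `owner/repo` prefix, so this needs checking against the action's documentation. Either way, document the removal condition as a YAML comment above the `allowlist:` key, since a `#` inside the `|` block scalar would be read as data, e.g. `# TODO: drop aws-powertools/actions from the allowlist once it has tagged releases and the roadmap workflow is SHA-pinned again`.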