Merge branch 'main' into eafile-method-resolution

.gitattributes

@@ -1,3 +1,3 @@
 notebooks/** linguist-documentation
 docs/** linguist-documentation
-tests/unit/fixtures/vcr_cassettes/** linguist-documentation
+tests/unit/fixtures/vcr_cassettes/** linguist-documentation

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,67 @@
+name: 🐞 Bug
+description: >
+  A bug is an issue that differs from documentation or has unexpected behavior.
+title: "[BUG] {{ title }}"
+labels:
+  - Bug
+  - Needs Triage
+body:
+  - type: checkboxes
+    attributes:
+      label: Is this issue already tracked somewhere, or is this a new report?
+      description: Check if a similar issue has already been reported before submitting a new one.
+      options:
+        - label: I've reviewed existing issues and couldn't find a duplicate for this problem.
+          required: true
+
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A concise description of what you're experiencing.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A concise description of what you expected to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: |
+        Steps to Reproduce
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Environment
+      description: |
+        Examples:
+        - **OS**: Ubuntu 20.04
+        - **Python**: 3.11.2
+      value: |
+        - OS:
+        - Python:
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Additional Context
+      description: |
+        Any additional information that might be helpful in resolving this issue, such as:
+        - Error messages or stack traces
+        - Relevant configuration files or code snippets
+
+        Tip: You can attach files or images by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 🌟 Community support
+    url: https://github.com/nsidc/earthaccess/discussions/categories/q-a
+    about: Explore this section to ask questions, share insights, and connect with others about Earthdata access and usage.
+  - name: 💡 Suggest a new feature
+    url: https://github.com/nsidc/earthaccess/discussions/new?category=ideas
+    about: Got a brilliant idea? Share your innovative suggestions to help us make amazing improvements!

.github/actions/install-pkg/action.yml

@@ -0,0 +1,24 @@
+name: Install earthaccess Python package
+description: Install earthaccess Python package and testing dependencies
+
+inputs:
+  python-version:
+    description: Version of Python to use
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-python@v5
+      with:
+        python-version: ${{ inputs.python-version }}
+        cache: pip
+
+    - name: Display full python version
+      shell: bash
+      id: full-python-version
+      run: echo "version=$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))")" >> $GITHUB_OUTPUT
+
+    - name: Install package and test dependencies
+      shell: bash
+      run: pip install .[test]

.github/pull_request_template.md

@@ -0,0 +1,62 @@
+<!--
+Replace this text, including the symbols above and below it, with descriptive text about
+the change you are proposing. Please include a reference to any issues addressed or
+resolved in that text, for example "resolves #1".
+-->
+
+<!--
+IMPORTANT: As a contributor, we would like as much help as you can offer, but we only
+expect you to complete the steps in the "PR draft checklist" below. Maintainers are
+willing and ready to help pick it up from there!
+
+Please start by opening this Pull Request as a "draft". You can do this by
+clicking the arrow on the right side of the green "Create pull request" button. While
+your pull request is in "draft" state, maintainers will assume the PR isn't ready for
+their attention unless they are specifically summoned using GitHub's @ system.
+
+Follow the draft checklist below to move the PR out of draft state. If you accidentally
+created the PR as a non-draft, don't worry, you can still change it to a draft using the
+"Convert to draft" button on  the right side panel under the "Reviewers" section.
+-->
+
+<details><summary>Pull Request (PR) draft checklist - click to expand</summary>
+
+- [ ] Please review our
+      [contributing documentation](https://earthaccess.readthedocs.io/en/latest/contributing/)
+      before getting started.
+- [ ] Ensure an issue exists representing the problem being solved in this PR.
+- [ ] Populate a descriptive title. For example, instead of "Updated README.md", use a
+      title such as "Add testing details to the contributor section of the README".
+      Example PRs: [#763](https://github.com/nsidc/earthaccess/pull/763)
+- [ ] Populate the body of the pull request with:
+    - A clear description of the change you are proposing.
+    - Links to any issues resolved by this PR with text in the PR description, for
+      example `closes #1`. See
+      [GitHub docs - Linking a pull request to an issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).
+- [ ] Update `CHANGELOG.md` with details about your change in a section titled
+      `## Unreleased`. If such a section does not exist, please create one. Follow
+      [Common Changelog](https://common-changelog.org/) for your additions.
+      Example PRs: [#763](https://github.com/nsidc/earthaccess/pull/763)
+- [ ] Update the documentation and/or the `README.md` with details of changes to the
+      earthaccess interface, if any. Consider new environment variables, function names,
+      decorators, etc.
+
+Click the "Ready for review" button at the bottom of the "Conversation" tab in GitHub
+once these requirements are fulfilled. Don't worry if you see any test failures in
+GitHub at this point!
+
+</details>
+
+<details><summary>Pull Request (PR) merge checklist - click to expand</summary>
+
+Please do your best to complete these requirements! If you need help with any of these
+requirements, you can ping the `@nsidc/earthaccess-support` team in a comment and we
+will help you out!
+
+- [ ] Add unit tests for any new features.
+- [ ] Apply formatting and linting autofixes. You can add a GitHub comment in this Pull
+      Request containing "pre-commit.ci autofix" to automate this.
+- [ ] Ensure all automated PR checks (seen at the bottom of the "conversation" tab) pass.
+- [ ] Get at least one approving review.
+
+</details>

.github/workflows/integration-test.yml

@@ -2,6 +2,7 @@ name: Integration Tests
 
 on:
   pull_request:
+  pull_request_target:
   push:
     branches:
       - main
@@ -17,59 +18,71 @@ concurrency:
   group: integration-tests-${{ github.ref }}
   cancel-in-progress: true
 
-defaults:
-  run:
-    shell: bash -l {0}
-
 jobs:
   integration-tests:
+    #
+    # This condition prevents DUPLICATE attempts to run integration tests for
+    # PRs coming from FORKS.
+    #
+    # When a PR originates from a fork, both a pull_request and a
+    # pull_request_target event are triggered.  This means that without a
+    # condition, GitHub will attempt to run integration tests TWICE, once for
+    # each event.
+    #
+    # To prevent this, this condition ensures that integration tests are run
+    # in only ONE of the following cases:
+    #
+    #   1. The event is NOT a pull_request.  This covers the case when the event
+    #      is a pull_request_target (i.e., a PR from a fork), as well as all
+    #      other cases listed in the "on" block at the top of this file.
+    #   2. The event IS a pull_request AND the base repo and head repo are the
+    #      same (i.e., the PR is NOT from a fork).
+    #
+    if: github.event_name != 'pull_request' || github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python-version: ["3.9", "3.10", "3.11", "3.12"]
       fail-fast: false
 
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v5
+      - name: Fetch user permission
+        id: permission
+        uses: actions-cool/check-user-permission@v2
         with:
-          python-version: ${{ matrix.python-version }}
-      - name: Get full python version
-        id: full-python-version
-        run: echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))")
-      - name: Install poetry
-        uses: abatilo/actions-poetry@v3
-      - name: Configure poetry
+          require: write
+          username: ${{ github.triggering_actor }}
+
+      - name: Check user permission
+        if: ${{ steps.permission.outputs.require-result == 'false' }}
+        # If the triggering actor does not have write permission (i.e., this is a
+        # PR from a fork), then we exit, otherwise most of the integration tests will
+        # fail because they require access to secrets.  In this case, a maintainer
+        # will need to make sure the PR looks safe, and if so, manually re-run the
+        # failed pull_request_target jobs.
         run: |
-          poetry config virtualenvs.create true --local
-          poetry config virtualenvs.in-project true --local
-          poetry self add setuptools
-      - name: Set up cache
-        uses: actions/cache@v4
-        id: cache
+          echo "User **${{ github.triggering_actor }}** does not have permission to run integration tests." >> $GITHUB_STEP_SUMMARY
+          echo "A maintainer must perform a security review and re-run this build, if the code is safe." >> $GITHUB_STEP_SUMMARY
+          echo "See [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests)." >> $GITHUB_STEP_SUMMARY
+          exit 1
+
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Install package with dependencies
+        uses: ./.github/actions/install-pkg
         with:
-          path: .venv
-          key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('poetry.lock') }}
-      - name: Ensure cache is healthy
-        if: steps.cache.outputs.cache-hit == 'true'
-        run: poetry run pip --version >/dev/null 2>&1 || rm -rf .venv
-      - name: Install Dependencies
-        if: ${{ !env.ACT }}
-        run: poetry install
-      - name: Install Dependencies
-        if: ${{ env.ACT }}
-        # When using `act` to run the workflow locally, the `poetry install` command
-        # may fail due to network issues when running multiple Docker containers.
-        run: poetry install || poetry install || poetry install
-      - name: Test
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run integration tests
         env:
           EARTHDATA_USERNAME: ${{ secrets.EDL_USERNAME }}
           EARTHDATA_PASSWORD: ${{ secrets.EDL_PASSWORD }}
           EARTHACCESS_TEST_USERNAME: ${{ secrets.EDL_USERNAME }}
           EARTHACCESS_TEST_PASSWORD: ${{ secrets.EDL_PASSWORD }}
-        run: poetry run bash scripts/integration-test.sh
-      - name: Upload coverage
+        run: ./scripts/integration-test.sh
+
+      - name: Upload coverage report
         # Don't upload coverage when using the `act` tool to run the workflow locally
         if: ${{ !env.ACT }}
         uses: codecov/codecov-action@v4

.github/workflows/publish.yml

@@ -5,13 +5,32 @@ on:
 
 jobs:
   build:
+    name: Build package
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - name: verify version matches git tag
         run: scripts/verify_tag.sh
-      - name: Build and publish to pypi
-        uses: JRubics/poetry-publish@v2.0
+
+      - uses: hynek/build-and-inspect-python-package@v2
+
+  publish:
+    name: Publish to PyPI
+    needs: ["build"]
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        # NOTE: This is not the current best practice. Instead, we should use
+        # "trusted publishing":
+        # https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing
         with:
-          python_version: "3.9"
-          pypi_token: ${{ secrets.PYPI_TOKEN }}
+          password: ${{ secrets.PYPI_TOKEN }}

.github/workflows/test-mindeps.yml

@@ -1,4 +1,4 @@
-name: Test minimum dependencies
+name: Unit test minimum dependencies
 
 on:
   push:
@@ -11,11 +11,6 @@ concurrency:
   group: test-mindeps-${{ github.ref }}
   cancel-in-progress: true
 
-# Required shell entrypoint to have properly activated conda environments
-defaults:
-  run:
-    shell: bash -l {0}
-
 jobs:
   test-mindeps:
     runs-on: ubuntu-latest
@@ -25,25 +20,26 @@ jobs:
     steps:
       - name: Checkout source
         uses: actions/checkout@v4.1.1
-      - name: Setup Conda Environment
-        uses: conda-incubator/setup-miniconda@v3.0.4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v2
+        with:
+          version: "0.4.7"
+          enable-cache: true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
-          miniforge-variant: Mambaforge
-          miniforge-version: latest
-          use-mamba: true
-          channel-priority: strict
-          environment-file: ci/environment-mindeps.yaml
-          activate-environment: test-environment
-          auto-activate-base: false
+          python-version-file: pyproject.toml
 
-      - name: Install
-        run: python -m pip install --no-deps -e .
+      - name: Install minimum-compatible dependencies
+        run: uv sync --resolution lowest-direct --extra test
 
-      - name: mamba list
-        run: mamba list
+      - name: Install earthaccess
+        run: uv pip install --no-deps .
 
       - name: Test
-        run: bash scripts/test.sh
+        run: uv run pytest tests/unit --cov=earthaccess --cov=tests --cov-report=term-missing --capture=no --tb=native --log-cli-level=INFO
 
       - name: Upload coverage
         # Don't upload coverage when using the `act` tool to run the workflow locally