Skip to content

docs - continue to fix example policies (#9810) #32

docs - continue to fix example policies (#9810)

docs - continue to fix example policies (#9810) #32

Workflow file for this run

name: "CI"
on:
push:
branches:
- main
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
POETRY_VERSION: "1.5.1"
DEFAULT_PY_VERSION: "3.11"
jobs:
Lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PY_VERSION }}
- name: Install Linter
run: |
RUFF_VERSION="$(python tools/dev/lint_version.py ruff poetry.lock)"
BLACK_VERSION="$(python tools/dev/lint_version.py black poetry.lock)"
pip install ruff=="$RUFF_VERSION" black=="$BLACK_VERSION"
- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false
# last OSS version
terraform_version: "1.5.5"
- name: Lint Check
env:
RUFF_OUTPUT_FORMAT: github
run: |
make lint
- name: Check Workflows
run: |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
./actionlint -color
Analyzer:
runs-on: ubuntu-latest
needs: Lint
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PY_VERSION }}
- name: Run Bandit
run: |
python -m pip install bandit
make analyzer-bandit
- name: Run Semgrep
run: |
python -m pip install semgrep
make analyzer-semgrep
Docs:
runs-on: ubuntu-latest
needs: Lint
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Install Custodian
uses: ./.github/composites/install
with:
python-version: ${{ env.DEFAULT_PY_VERSION }}
poetry-version: ${{ env.POETRY_VERSION }}
- name: Set up doc cache
uses: actions/cache@v4
id: sphinx
with:
path: |
docs/build
docs/source/aws/resources
docs/source/gcp/resources
docs/source/azure/resources
docs/source/awscc/resources
docs/source/tencentcloud/resources
key: sphinx-docs-${{ runner.os }}-3.11-v3-${{ hashFiles('**/poetry.lock') }}
- name: Build Docs
shell: bash
run: |
make sphinx
- name: Update Docs Cache
# basically to prevent the docs cache from going stale as we're not keying
# on its contents, on merges to main we update the cache to prevent
# staleness.
if: ${{ github.event_name == 'push' }}
uses: actions/cache/save@v4
with:
path: |
docs/build
docs/source/aws/resources
docs/source/gcp/resources
docs/source/azure/resources
docs/source/awscc/resources
docs/source/tencentcloud/resources
key: sphinx-docs-${{ runner.os }}-3.11-v3-${{ hashFiles('**/poetry.lock') }}
- name: Deploy Docs
if: ${{ github.event_name == 'push' }}
uses: ./.github/composites/docs-publish
with:
aws-role: ${{ secrets.DOCS_PUBLISH_ROLE }}
docs-dir: docs/build/html
bucket-url: s3://cloudcustodian.io/docs
Docker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: c7n build and test
uses: ./.github/composites/docker-build-push
with:
name: c7n
push: false
platforms: linux/amd64
Tests:
runs-on: "${{ matrix.os }}"
needs: Lint
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ["3.11"]
include:
- os: ubuntu-latest
python-version: "3.12"
- os: ubuntu-latest
python-version: "3.10"
- os: ubuntu-latest
python-version: "3.9"
- os: ubuntu-latest
python-version: "3.8"
steps:
- uses: actions/checkout@v4
- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false
# last OSS version
terraform_version: "1.5.5"
- name: Install Custodian
uses: ./.github/composites/install
with:
python-version: ${{ matrix.python-version }}
poetry-version: ${{ env.POETRY_VERSION }}
- name: Test
shell: bash
env:
COV_RUN: ${{ contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu') }}
run: |
if [[ "$COV_RUN" == "true" ]]
then
make test-coverage COVERAGE_TYPE=term
poetry run coverage xml
else
make test
fi
- name: Upload Code Coverage
uses: codecov/codecov-action@v4
if: contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu')
with:
files: ./coverage.xml
name: codecov
- name: License Check
if: contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu')
run: |
poetry run python tools/dev/license-check.py