aws - dms-endpoint - kms-key filter (#9871) #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
env: | |
POETRY_VERSION: "1.5.1" | |
DEFAULT_PY_VERSION: "3.11" | |
jobs: | |
Lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PY_VERSION }} | |
- name: Install Linter | |
run: | | |
RUFF_VERSION="$(python tools/dev/lint_version.py ruff poetry.lock)" | |
BLACK_VERSION="$(python tools/dev/lint_version.py black poetry.lock)" | |
pip install ruff=="$RUFF_VERSION" black=="$BLACK_VERSION" | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_wrapper: false | |
# last OSS version | |
terraform_version: "1.5.5" | |
- name: Lint Check | |
env: | |
RUFF_OUTPUT_FORMAT: github | |
run: | | |
make lint | |
- name: Check Workflows | |
run: | | |
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) | |
./actionlint -color | |
Analyzer: | |
runs-on: ubuntu-latest | |
needs: Lint | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PY_VERSION }} | |
- name: Run Bandit | |
run: | | |
python -m pip install bandit | |
make analyzer-bandit | |
- name: Run Semgrep | |
run: | | |
python -m pip install semgrep | |
make analyzer-semgrep | |
Docs: | |
runs-on: ubuntu-latest | |
needs: Lint | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Custodian | |
uses: ./.github/composites/install | |
with: | |
python-version: ${{ env.DEFAULT_PY_VERSION }} | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Set up doc cache | |
uses: actions/cache@v4 | |
id: sphinx | |
with: | |
path: | | |
docs/build | |
docs/source/aws/resources | |
docs/source/gcp/resources | |
docs/source/azure/resources | |
docs/source/awscc/resources | |
docs/source/tencentcloud/resources | |
key: sphinx-docs-${{ runner.os }}-3.11-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Build Docs | |
shell: bash | |
run: | | |
make sphinx | |
- name: Update Docs Cache | |
# basically to prevent the docs cache from going stale as we're not keying | |
# on its contents, on merges to main we update the cache to prevent | |
# staleness. | |
if: ${{ github.event_name == 'push' }} | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
docs/build | |
docs/source/aws/resources | |
docs/source/gcp/resources | |
docs/source/azure/resources | |
docs/source/awscc/resources | |
docs/source/tencentcloud/resources | |
key: sphinx-docs-${{ runner.os }}-3.11-v3-${{ hashFiles('**/poetry.lock') }} | |
- name: Deploy Docs | |
if: ${{ github.event_name == 'push' }} | |
uses: ./.github/composites/docs-publish | |
with: | |
aws-role: ${{ secrets.DOCS_PUBLISH_ROLE }} | |
docs-dir: docs/build/html | |
bucket-url: s3://cloudcustodian.io/docs | |
Docker: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: c7n build and test | |
uses: ./.github/composites/docker-build-push | |
with: | |
name: c7n | |
push: false | |
platforms: linux/amd64 | |
Tests: | |
runs-on: "${{ matrix.os }}" | |
needs: Lint | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
python-version: ["3.11"] | |
include: | |
- os: ubuntu-latest | |
python-version: "3.12" | |
- os: ubuntu-latest | |
python-version: "3.10" | |
- os: ubuntu-latest | |
python-version: "3.9" | |
- os: ubuntu-latest | |
python-version: "3.8" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_wrapper: false | |
# last OSS version | |
terraform_version: "1.5.5" | |
- name: Install Custodian | |
uses: ./.github/composites/install | |
with: | |
python-version: ${{ matrix.python-version }} | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Test | |
shell: bash | |
env: | |
COV_RUN: ${{ contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu') }} | |
run: | | |
if [[ "$COV_RUN" == "true" ]] | |
then | |
make test-coverage COVERAGE_TYPE=term | |
poetry run coverage xml | |
else | |
make test | |
fi | |
- name: Upload Code Coverage | |
uses: codecov/codecov-action@v4 | |
if: contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu') | |
with: | |
files: ./coverage.xml | |
name: codecov | |
- name: License Check | |
if: contains(matrix.python-version, '3.11') && contains(matrix.os, 'ubuntu') | |
run: | | |
poetry run python tools/dev/license-check.py |