event rule to stop codepipeline first run (rMain only for now) #105
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Checking | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| cfn: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Set up Ruby 3.2 | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.2 | |
| - name: install requirements | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install cfn-lint | |
| gem install cfn-nag | |
| - name: cfn-lint | |
| run: | | |
| find . -type f -name '*.yaml' -print0 \ | |
| | xargs -0 cfn-lint | |
| - name: cfn-nag | |
| run: | | |
| cat <<EOT >> .cfn-nag-deny-list.yml | |
| - id: W61 | |
| reason: |- | |
| Certificates are handled by customers downstream, see https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-encryption-enable.html#emr-encryption-certificates | |
| This is ignored only during CI as we want customers to be aware they need to update the security configuration should they choose to use it. | |
| EOT | |
| find . -not \( -type f -name 'template-glue-job.yaml' -o -type f -name 'template-lambda-layer.yaml' \) -type f -name '*.yaml' -print0 \ | |
| | xargs -0 -L 1 cfn_nag_scan --fail-on-warnings --ignore-fatal --deny-list-path .cfn-nag-deny-list.yml --input-path | |
| python: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: install requirements | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install black ruff | |
| - name: black | |
| run: black --check . | |
| - name: ruff | |
| run: ruff check . | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: install requirements | |
| run: | | |
| sudo apt update | |
| sudo apt install shellcheck | |
| - name: shellcheck | |
| run: | | |
| find . -type f \( -name '*.sh' -o -name '*.bash' -o -name '*.ksh' \) -print0 \ | |
| | xargs -0 shellcheck -x --format gcc |