SeedFarmer Support #195
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Checking | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| cfn: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Set up Ruby 3.2 | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.2 | |
| - name: install requirements | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install cfn-lint | |
| gem install cfn-nag | |
| - name: cfn-lint | |
| run: | | |
| find . -type f -name '*.yaml' -print0 \ | |
| | xargs -0 cfn-lint | |
| - name: cfn-nag | |
| run: | | |
| cat <<EOT >> .cfn-nag-deny-list.yml | |
| - id: W61 | |
| reason: |- | |
| Certificates are handled by customers downstream, see https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-encryption-enable.html#emr-encryption-certificates | |
| This is ignored only during CI as we want customers to be aware they need to update the security configuration should they choose to use it. | |
| EOT | |
| find . -not \( -type f -name 'template-glue-job.yaml' -o -type f -name 'template-lambda-layer.yaml' \) -type f -name '*.yaml' -print0 \ | |
| | xargs -0 -L 1 cfn_nag_scan --fail-on-warnings --ignore-fatal --deny-list-path .cfn-nag-deny-list.yml --input-path | |
| python: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: install requirements | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install ruff | |
| - name: ruff format | |
| run: ruff format --check . | |
| - name: ruff | |
| run: ruff check --output-format github . | |
| shellcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: install requirements | |
| run: | | |
| sudo apt update | |
| sudo apt install shellcheck | |
| - name: shellcheck | |
| run: | | |
| find . -type f \( -name '*.sh' -o -name '*.bash' -o -name '*.ksh' \) -print0 \ | |
| | xargs -0 shellcheck -x --format gcc |