Skip to content

[sdlf-pipeline][sdlf-stage-*][cdk] remove sdlf-team dependency #275

[sdlf-pipeline][sdlf-stage-*][cdk] remove sdlf-team dependency

[sdlf-pipeline][sdlf-stage-*][cdk] remove sdlf-team dependency #275

Workflow file for this run

name: Static Checking
on:
pull_request:
branches:
- main
permissions:
contents: read
jobs:
cfn:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Set up Ruby 3.2
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.2
- name: install requirements
run: |
python -m pip install --upgrade pip
python -m pip install "cfn-lint<1"
gem install cfn-nag
- name: cfn-lint
run: |
shopt -s globstar
cfn-lint ./**/*.yaml
- name: cfn-nag
run: |
cat <<EOT >> .cfn-nag-deny-list.yml
- id: W61
reason: |-
Certificates are handled by customers downstream, see https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-encryption-enable.html#emr-encryption-certificates
This is ignored only during CI as we want customers to be aware they need to update the security configuration should they choose to use it.
EOT
find . -not \( -type f -name 'template-glue-job.yaml' -o -type f -name 'template-lambda-layer.yaml' \) -type f -name '*.yaml' -print0 \
| xargs -0 -L 1 cfn_nag_scan --fail-on-warnings --ignore-fatal --deny-list-path .cfn-nag-deny-list.yml --input-path
python:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: install requirements
run: |
python -m pip install --upgrade pip
python -m pip install ruff
- name: ruff format
run: ruff format --check .
- name: ruff
run: ruff check --output-format github .
shellcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: install requirements
run: |
sudo apt update
sudo apt install shellcheck
- name: shellcheck
run: |
find . -type f \( -name '*.sh' -o -name '*.bash' -o -name '*.ksh' \) -print0 \
| xargs -0 shellcheck -x --format gcc