chore: Auto add checks to readme #57
Workflow file for this run
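# CI for the free AWS compliance dbt policies on Snowflake: brings the test
# schema up to date with `cloudquery migrate`, then runs the selected dbt
# models against the `dev-snowflake` target.
name: "Test AWS Compliance Free Policies: Snowflake"

on:
  # Repository secrets are not passed to runs triggered from forks, so the
  # Snowflake steps only work for branches of this repository. Do not switch
  # to `pull_request_target` to work around that: it would run the PR's
  # requirements.txt and dbt project with the Snowflake credentials in scope.
  pull_request:
    paths:
      - "transformations/aws/compliance-free/**"
      - ".github/workflows/transformations_aws_compliance_free_snowflake.yml"
      - "transformations/aws/macros/**"
      - "transformations/aws/models/**"
      - "transformations/macros/**"
  push:
    branches:
      - main
    paths:
      - "transformations/aws/compliance-free/**"
      - ".github/workflows/transformations_aws_compliance_free_snowflake.yml"
      - "transformations/aws/macros/**"
      - "transformations/aws/models/**"
      - "transformations/macros/**"

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository, so read access to contents is enough.
permissions:
  contents: read

jobs:
  transformations-aws-compliance-free:
    name: transformations/aws/compliance-free
    timeout-minutes: 30
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./transformations/aws/compliance-free
    steps:
      # NOTE(review): the `uses:` references below are mutable tags (`@v4`,
      # `@v3`). Pinning each to a full commit SHA, e.g.
      # `actions/checkout@<FULL_COMMIT_SHA>  # v4`, keeps a moved tag from
      # changing the code that runs in the same job as the Snowflake secrets.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: "3.9"
          cache: "pip"
          cache-dependency-path: "./transformations/aws/compliance-free/requirements.txt"
      # This step runs without secrets, but whatever it installs executes
      # later in "Run Policies" with the Snowflake credentials in its
      # environment. NOTE(review): requirements.txt is not visible here;
      # confirm it pins exact versions (ideally with hashes).
      - name: Install dependencies
        run: pip install -r requirements.txt
      - name: Setup CloudQuery
        uses: cloudquery/setup-cloudquery@v3
        with:
          version: v4.0.0
      # Test unpacked version
      - name: Migrate DB
        run: cloudquery migrate tests/snowflake.yml
        env:
          # Secrets are scoped to the steps that need them rather than to the
          # whole job. GitHub masks each secret value as registered; a derived
          # form of this string (for example URL-encoded) would not be masked,
          # so avoid printing this variable.
          SNOWFLAKE_CONNECTION_STRING: "${{ secrets.SNOW_USER }}:${{ secrets.SNOW_PASSWORD }}@${{ secrets.SNOW_ACCOUNT }}.${{ secrets.SNOW_REGION }}/${{ secrets.SNOW_DATABASE }}/${{ secrets.SNOW_SCHEMA }}?warehouse=${{ secrets.SNOW_WAREHOUSE }}"
      # NOTE(review): the selectors are separated by comma + space. dbt treats
      # spaces as union and commas (without spaces) as intersection, so
      # confirm the intended set. The name
      # `aws_compliance__api_gateway_method_settingse_selected_only` also
      # looks like a mangled edit; verify it against the models directory.
      - name: Run Policies
        run: |
          dbt run --target dev-snowflake --profiles-dir ./tests --select aws_compliance__security_group_ingress_rules, aws_compliance__api_gateway_method_settingse_selected_only, aws_compliance__foundational_security
        env:
          SNOW_USER: ${{ secrets.SNOW_USER }}
          SNOW_PASSWORD: ${{ secrets.SNOW_PASSWORD }}
          # DBT assumes the account is in the form of <account>.<region>
          SNOW_ACCOUNT: "${{ secrets.SNOW_ACCOUNT }}.${{ secrets.SNOW_REGION }}"
          SNOW_WAREHOUSE: ${{ secrets.SNOW_WAREHOUSE }}
          SNOW_DATABASE: ${{ secrets.SNOW_DATABASE }}
          SNOW_SCHEMA: ${{ secrets.SNOW_SCHEMA }}
          SNOW_REGION: ${{ secrets.SNOW_REGION }}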