Closed
Changes from 3 commits
4 changes: 4 additions & 0 deletions .github/workflows/code-health.yaml
Expand Up @@ -18,6 +18,10 @@ jobs:
run: |
cd cfn-resources
go build -v ./...
- name: Generate purls for all resources
run: make gen-purls
- name: Check purls for all resources
run: make check-purls
mock-generation:
runs-on: ubuntu-latest
steps:
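Review bot: Running `make gen-purls` immediately before `make check-purls` in the same job means the check step sees freshly generated files, so unless `check-purls` compares them against the committed `purls.txt` (for example with `git diff --exit-code`), it cannot fail on a stale committed file. The scripts are not shown in this hunk; confirm that this is what `check-purls` does, and add a one-line comment on the step saying so.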
19 changes: 19 additions & 0 deletions .github/workflows/contract-testing.yaml
Expand Up @@ -36,45 +36,64 @@ jobs:
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
id: filter
with:
predicate-quantifier: 'every'
Collaborator Author


This avoids running contract tests when only the files in /compliance have changed (see https://github.com/dorny/paths-filter/tree/de90cc6fb38fc0963ad72b210f1f284cd68cea36/ for more details).

filters: |
access-list-api-key:
- 'cfn-resources/access-list-api-key/**'
- '!cfn-resources/access-list-api-key/compliance/**'
alert-configuration:
- 'cfn-resources/alert-configuration/**'
- '!cfn-resources/alert-configuration/compliance/**'
api-key:
- 'cfn-resources/api-key/**'
- '!cfn-resources/api-key/compliance/**'
auditing:
- 'cfn-resources/auditing/**'
- '!cfn-resources/auditing/compliance/**'
cloud-backup-restore-jobs:
- 'cfn-resources/cloud-backup-restore-jobs/**'
- '!cfn-resources/cloud-backup-restore-jobs/compliance/**'
cluster-outage-simulation:
- 'cfn-resources/cluster-outage-simulation/**'
- '!cfn-resources/cluster-outage-simulation/compliance/**'
federated-database-instance:
- 'cfn-resources/federated-database-instance/**'
- '!cfn-resources/federated-database-instance/compliance/**'
federated-query-limit:
- 'cfn-resources/federated-query-limit/**'
- '!cfn-resources/federated-query-limit/compliance/**'
online-archive:
- 'cfn-resources/online-archive/**'
- '!cfn-resources/online-archive/compliance/**'
organization:
- 'cfn-resources/organization/**'
- '!cfn-resources/organization/compliance/**'
private-endpoint-aws:
- 'cfn-resources/private-endpoint-aws/**'
- '!cfn-resources/private-endpoint-aws/compliance/**'
private-endpoint-service:
- 'cfn-resources/private-endpoint-service/**'
- '!cfn-resources/private-endpoint-service/compliance/**'
privatelink-endpoint-service-data-federation-online-archive:
- 'cfn-resources/privatelink-endpoint-service-data-federation-online-archive/**'
- '!cfn-resources/privatelink-endpoint-service-data-federation-online-archive/compliance/**'
project:
- 'cfn-resources/project/**'
- '!cfn-resources/project/compliance/**'
resource-policy:
- 'cfn-resources/resource-policy/**'
- '!cfn-resources/resource-policy/compliance/**'
search-deployment:
- 'cfn-resources/search-deployment/**'
- '!cfn-resources/search-deployment/compliance/**'
serverless-private-endpoint:
Member


Is serverless-private-endpoint not needed?

Collaborator Author


It is deprecated and tests can no longer be run (API does not work). I cleaned this up.

- 'cfn-resources/serverless-private-endpoint/**'
stream-connection:
- 'cfn-resources/stream-connection/**'
- '!cfn-resources/stream-connection/compliance/**'
stream-instance:
- 'cfn-resources/stream-instance/**'
- '!cfn-resources/stream-instance/compliance/**'
access-list-api-key:
needs: change-detection
if: ${{ needs.change-detection.outputs.access-list-api-key == 'true' }}
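Review bot: `predicate-quantifier: 'every'` under `with:` applies to all filters in this step, so each filter now matches only files that satisfy every one of its patterns. That works for the filters shown, since each has one positive glob plus one `!.../compliance/**` negation, but a future filter listing two positive globs would silently stop matching; a short YAML comment beside the setting would prevent that. `serverless-private-endpoint` is the only filter here without a compliance exclusion, which fits the reply that it is deprecated, but if the filter stays, a change under its `compliance/` directory would still trigger it.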
7 changes: 7 additions & 0 deletions Makefile
Expand Up @@ -63,3 +63,10 @@ generate-mocks: # uses mockery to generate mocks in folder `cfn-resources/testut
generate-resource-versions-markdown:
(cd cfn-resources && go run tool/markdown-generator/*.go)

.PHONY: gen-purls
gen-purls:
./scripts/generate-purls.sh

.PHONY: check-purls
check-purls:
./scripts/check-purls.sh
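Review bot: The new `gen-purls` and `check-purls` targets have no trailing `# ...` description, unlike `generate-mocks` in the context line of this hunk; if the Makefile's help output is built from those comments, add one to each. Both recipes call `./scripts/...` by relative path, so they only work when `make` is invoked from the repository root; a note in the description would make that explicit.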
19 changes: 19 additions & 0 deletions cfn-resources/access-list-api-key/compliance/purls.txt
@@ -0,0 +1,19 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
Member


If I understand correctly, purls.txt depends on go.mod and go.sum. We share the same go.mod files for all the resources, so all purls.txt will always be the same.
Do we need to generate all of them, or can we just generate one purls.txt?

Collaborator Author


The purl file is generated from a binary, and a binary is generated for each of the resources, so even if they share go.mod and go.sum, technically the binary is different (and that is what we are shipping), so we have to generate the purls for each.

pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
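Review bot: The first entry, `pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)`, carries a relative filesystem path as its namespace and `(devel)` as its version, so it does not identify a published module version that a vulnerability scanner or SBOM consumer can resolve; the same applies to `github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)`. It looks like the output for a module replaced by a local directory. Consider having the generator map such entries to the real module path and version, or filter them out and document why.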
18 changes: 18 additions & 0 deletions cfn-resources/alert-configuration/compliance/purls.txt
@@ -0,0 +1,18 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/github.com/spf13/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
17 changes: 17 additions & 0 deletions cfn-resources/api-key/compliance/purls.txt
@@ -0,0 +1,17 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
17 changes: 17 additions & 0 deletions cfn-resources/auditing/compliance/purls.txt
@@ -0,0 +1,17 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
17 changes: 17 additions & 0 deletions cfn-resources/cloud-backup-restore-jobs/compliance/purls.txt
@@ -0,0 +1,17 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
17 changes: 17 additions & 0 deletions cfn-resources/cloud-backup-schedule/compliance/purls.txt
@@ -0,0 +1,17 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -0,0 +1,19 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
Expand Up @@ -61,9 +61,9 @@ _Required_: Yes

_Type_: String

_Minimum_: <code>24</code>
_Minimum Length_: <code>24</code>

_Maximum_: <code>24</code>
_Maximum Length_: <code>24</code>

_Pattern_: <code>^([a-f0-9]{24})$</code>
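Review bot: The `_Minimum_`/`_Maximum_` to `_Minimum Length_`/`_Maximum Length_` rename looks like regenerated documentation rather than part of the purl work; it would be easier to review in its own commit, or should at least be mentioned in the PR description. The values stay consistent with the `^([a-f0-9]{24})$` pattern, which already fixes the length at 24.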

Expand All @@ -77,9 +77,9 @@ _Required_: Yes

_Type_: String

_Minimum_: <code>24</code>
_Minimum Length_: <code>24</code>

_Maximum_: <code>24</code>
_Maximum Length_: <code>24</code>

_Pattern_: <code>^([a-f0-9]{24})$</code>

Expand Up @@ -15,6 +15,13 @@ Resources:
Principal:
Service: resources.cloudformation.amazonaws.com
Action: sts:AssumeRole
Condition:
StringEquals:
aws:SourceAccount:
Ref: AWS::AccountId
StringLike:
aws:SourceArn:
Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-CloudBackupSnapshotExportBucket/*
Path: "/"
Policies:
- PolicyName: ResourceTypePolicy
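Review bot: The `aws:SourceArn` value in the new `Condition` embeds `${AWS::Region}`, so the role can only be assumed for the `MongoDB-Atlas-CloudBackupSnapshotExportBucket` type registered in the region where this stack is deployed; since IAM roles are global, say so in the template or README in case one role was previously shared across regions. Pairing it with `aws:SourceAccount` under `StringEquals` is the right confused-deputy guard for the `resources.cloudformation.amazonaws.com` principal.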
Expand All @@ -23,27 +30,7 @@ Resources:
Statement:
- Effect: Allow
Action:
- "secretsmanager:CreateSecret"
- "secretsmanager:DescribeSecret"
- "secretsmanager:GetSecretValue"
- "secretsmanager:PutSecretValue"
- "secretsmanager:UpdateSecretVersionStage"
- "ec2:CreateVpcEndpoint"
- "ec2:DeleteVpcEndpoints"
- "cloudformation:CreateResource"
- "cloudformation:DeleteResource"
- "cloudformation:GetResource"
- "cloudformation:GetResourceRequestStatus"
- "cloudformation:ListResources"
- "cloudformation:UpdateResource"
- "iam:AttachRolePolicy"
- "iam:CreateRole"
- "iam:DeleteRole"
- "iam:GetRole"
- "iam:GetRolePolicy"
- "iam:ListAttachedRolePolicies"
- "iam:ListRolePolicies"
- "iam:PutRolePolicy"
Resource: "*"
Outputs:
ExecutionRoleArn:
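Review bot: Confirm that the handlers no longer need the `secretsmanager:`, `ec2:`, `cloudformation:` and `iam:` actions listed under `Action:` before merging: the header `-23,27 +30,7` shrinks this statement from 27 lines to 7 while `Effect: Allow` and `Resource: "*"` stay, and dropping `secretsmanager:GetSecretValue` in particular would break any handler that reads credentials from Secrets Manager. If any action is kept, replace `Resource: "*"` with the specific ARNs it applies to, and mention this permission change in the PR description since it is separate from the purl generation.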
19 changes: 19 additions & 0 deletions cfn-resources/cloud-backup-snapshot/cmd/resource/config.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 17 additions & 0 deletions cfn-resources/cloud-backup-snapshot/compliance/purls.txt
@@ -0,0 +1,17 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]
19 changes: 19 additions & 0 deletions cfn-resources/cluster-outage-simulation/cmd/resource/config.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 18 additions & 0 deletions cfn-resources/cluster-outage-simulation/compliance/purls.txt
@@ -0,0 +1,18 @@
pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
pkg:golang/github.com/aws-cloudformation/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/aws/[email protected]
pkg:golang/github.com/google/[email protected]
pkg:golang/github.com/jmespath/[email protected]
pkg:golang/github.com/mongodb-forks/[email protected]
pkg:golang/github.com/mongodb-labs/[email protected]
pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
pkg:golang/github.com/rs/[email protected]
pkg:golang/github.com/segmentio/[email protected]
pkg:golang/github.com/spf13/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/atlas-sdk/[email protected]
pkg:golang/go.mongodb.org/[email protected]
pkg:golang/golang.org/x/[email protected]
pkg:golang/gopkg.in/[email protected]