3.0.0 Beta release

.github/workflows/pr.yml

@@ -2,9 +2,9 @@ name: Rust
 
 on:
   push:
-    branches: [ main, development ]
+    branches: [ main, development, rogue_one ]
   pull_request:
-    branches: [ main, development ]
+    branches: [ main, development, rogue_one ]
 
 env:
   CARGO_TERM_COLOR: always
@@ -19,7 +19,7 @@ jobs:
       run: cargo build --release --verbose
     - name: Run unit tests
       run: cargo test --verbose
-  
+
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
@@ -39,9 +39,12 @@ jobs:
       - name: Rustfmt Check
         uses: actions-rust-lang/rustfmt@v1
 
-  aws-guard-rules-registry-ubuntu-integration-tests:
-    name: Integration tests against aws-guard-rules-registry on Ubuntu
-    runs-on: ubuntu-latest
+  aws-guard-rules-registry-integration-tests-linux:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
+    name: Integration tests against aws-guard-rules-registry
     steps:
       - uses: actions/checkout@v3
         name: Checkout cfn-guard
@@ -69,11 +72,11 @@ jobs:
       - name: Run integration tests using parse-tree command
         run: |
           cd aws-guard-rules-registry/rules
-          
+
           FAILED_RULES=()
           SKIPPED_RULES=()
           rules=( $(find . -type f -name "*.guard") )
-          
+
           for rule in "${rules[@]}"
           do
               if [ $(sed -e '/^[ \s]*#.*$/d' $rule |  sed -r '/^\s*$/d' | wc -l) -eq 0 ]; then
@@ -84,7 +87,7 @@ jobs:
                   FAILED_RULES+=("$rule")
               fi
           done
-          
+
           SKIPPED_RULE_COUNT=${#SKIPPED_RULES[@]}
           if [ $SKIPPED_RULE_COUNT -gt 0 ]; then
               echo "The following $SKIPPED_RULE_COUNT rule(s) were skipped because they contained only comments:"
@@ -93,9 +96,9 @@ jobs:
                   echo "$skipped_rule"
               done
           fi
-          
+
           FAILED_RULE_COUNT=${#FAILED_RULES[@]}
-          
+
           if [ $FAILED_RULE_COUNT -gt 0 ]; then
               echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
               for failed_rule in "${FAILED_RULES[@]}"
@@ -106,5 +109,68 @@ jobs:
           else
               echo "All the rules have succeeded the parse-tree integration tests."
           fi
+
+  aws-guard-rules-registry-integration-tests-windows:
+    runs-on: windows-latest
+    name: Integration tests against aws-guard-rules-registry for Windows
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout cfn-guard
+        with:
+          path: cloudformation-guard
+      - name: Build binary
+        run: |
+          cd cloudformation-guard/guard/
+          cargo build --release
+      - uses: actions/checkout@v3
+        name: Checkout aws-guard-rules-registry
+        with:
+          repository: aws-cloudformation/aws-guard-rules-registry
+          path: aws-guard-rules-registry
+          ref: main
+      - name: Run integration tests using test command
+        run: |
+          if (cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules) {
+              echo "The integration tests for test command have passed."
+          }
+          else {
+              echo "The integration tests for test command have failed."
+              exit 1
+          }
+
+      - name: Run integration tests using parse-tree command
+        run: |
+          cd aws-guard-rules-registry/rules
+
+          $FAILED_RULES = @()
+          $SKIPPED_RULES = @()
 
+          $rules  = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File)
+
+          Foreach ($rule in $rules) {
+              $rule_files_without_comments = (Get-Content $rule.FullName) -replace '^[ \s]*#.*$', ''
+              if ([String]::IsNullOrWhiteSpace($rule_files_without_comments)){
+              $SKIPPED_RULES += "$rule"
+          }
+          elseif (../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule.FullName) {
+              continue
+          } else {
+              $FAILED_RULES += "$rule"
+            }
+          }
 
+          $SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length
+          if ($SKIPPED_RULE_COUNT -gt 0) {
+              echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:"
+              echo $SKIPPED_RULES
+          }
+
+          $FAILED_RULE_COUNT = $FAILED_RULES.Length
+
+          if ($FAILED_RULE_COUNT -gt 0) {
+              echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
+              echo $FAILED_RULES
+              exit 1
+          } else {
+              echo "All the rules have succeeded the parse-tree integration tests."
+          }

.github/workflows/publish_docker.yml

@@ -2,7 +2,7 @@ name: Deploy to ECR Public Gallery
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, rogue_one ]
 
 jobs:
 

.github/workflows/release.yml

@@ -27,24 +27,24 @@ jobs:
         macos: |
           rustup target add x86_64-apple-darwin
           cargo build --release --target x86_64-apple-darwin
-          mkdir cfn-guard-v2-${{ matrix.os }}
-          cp ./target/x86_64-apple-darwin/release/cfn-guard ./cfn-guard-v2-${{ matrix.os }}/
-          cp README.md ./cfn-guard-v2-${{ matrix.os }}/
-          tar czvf ./cfn-guard-v2-${{ matrix.os }}.tar.gz ./cfn-guard-v2-${{ matrix.os }}
+          mkdir cfn-guard-v3-${{ matrix.os }}
+          cp ./target/x86_64-apple-darwin/release/cfn-guard ./cfn-guard-v3-${{ matrix.os }}/
+          cp README.md ./cfn-guard-v3-${{ matrix.os }}/
+          tar czvf ./cfn-guard-v3-${{ matrix.os }}.tar.gz ./cfn-guard-v3-${{ matrix.os }}
         linux: |
           rustup target add x86_64-unknown-linux-musl
           cargo build --release --target x86_64-unknown-linux-musl
-          mkdir cfn-guard-v2-${{ matrix.os }}
-          cp ./target/x86_64-unknown-linux-musl/release/cfn-guard ./cfn-guard-v2-${{ matrix.os }}/
-          cp README.md ./cfn-guard-v2-${{ matrix.os }}/
-          tar czvf ./cfn-guard-v2-${{ matrix.os }}.tar.gz ./cfn-guard-v2-${{ matrix.os }}
+          mkdir cfn-guard-v3-${{ matrix.os }}
+          cp ./target/x86_64-unknown-linux-musl/release/cfn-guard ./cfn-guard-v3-${{ matrix.os }}/
+          cp README.md ./cfn-guard-v3-${{ matrix.os }}/
+          tar czvf ./cfn-guard-v3-${{ matrix.os }}.tar.gz ./cfn-guard-v3-${{ matrix.os }}
     - name: Upload Release Asset
       id: upload-release-asset 
       uses: actions/upload-release-asset@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: ./cfn-guard-v2-${{ matrix.os }}.tar.gz 
-        asset_name: cfn-guard-v2-${{ matrix.os }}.tar.gz
+        asset_path: ./cfn-guard-v3-${{ matrix.os }}.tar.gz
+        asset_name: cfn-guard-v3-${{ matrix.os }}.tar.gz
         asset_content_type: application/octet-stream

Makefile

@@ -0,0 +1,7 @@
+build-CloudFormationGuardLambda:
+# installing rust every time you build is not great, but it's better than having
+# to install a toolchain yourself. In most cases builds will be infrequent.
+	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+	source ${HOME}/.cargo/env && rustup target add x86_64-unknown-linux-musl
+	source ${HOME}/.cargo/env && cd guard-lambda && cargo build --release --target x86_64-unknown-linux-musl
+	cp -r /tmp/samcli/scratch/target/x86_64-unknown-linux-musl/release/cfn-guard-lambda $(ARTIFACTS_DIR)/bootstrap