cloudquery
diff --git a/‎.github/styles/Vocab/Base/accept.txt‎
Lines changed: 11 additions & 1 deletion b/‎.github/styles/Vocab/Base/accept.txt‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎.github/workflows/broken_links.yml‎
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/broken_links.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/dest_csv.yml‎
Lines changed: 2 additions & 23 deletions b/‎.github/workflows/dest_csv.yml‎
Lines changed: 2 additions & 23 deletions
diff --git a/‎.github/workflows/dest_postgresql.yml‎
Lines changed: 2 additions & 23 deletions b/‎.github/workflows/dest_postgresql.yml‎
Lines changed: 2 additions & 23 deletions
diff --git a/‎.github/workflows/dest_sqlite.yml‎
Lines changed: 2 additions & 23 deletions b/‎.github/workflows/dest_sqlite.yml‎
Lines changed: 2 additions & 23 deletions
diff --git a/‎.github/workflows/dest_test.yml‎
Lines changed: 2 additions & 23 deletions b/‎.github/workflows/dest_test.yml‎
Lines changed: 2 additions & 23 deletions
diff --git a/‎.github/workflows/docs_changes_summary.yml‎
Lines changed: 114 additions & 0 deletions b/‎.github/workflows/docs_changes_summary.yml‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎.github/workflows/lint_markdown.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/lint_markdown.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release_cli.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/release_cli.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/source_aws.yml‎
Lines changed: 21 additions & 1 deletion b/‎.github/workflows/source_aws.yml‎
Lines changed: 21 additions & 1 deletion
@@ -145,4 +145,14 @@ arn
 ARN
 ARNs
 SCP
-SCPs
+SCPs
+failover
+ENI
+ENIs
+runtime
+runtimes
+ELB
+ELBs
+CMK
+CMKs
+serverless
@@ -31,9 +31,11 @@ jobs:
         id: preview-deployment
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          max_timeout: 360
+          # The action waits half of `max_timeout`. TODO: Change to 600 when https://github.com/patrickedqvist/wait-for-vercel-preview/pull/34 is released
+          max_timeout: 1200
           check_interval: 10
           environment: 'Preview'
+          allow_inactive: true
 
       - name: Set Vercel URL output
         id: vercel
 
@@ -13,30 +13,10 @@ on:
       - ".github/workflows/dest_csv.yml"
 
 jobs:
-  resolve-runner:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
-    outputs:
-      runner: ${{ steps.resolve.outputs.runner }}
-    steps:
-      - name: Check if should use large runner
-        id: large-runner
-        # We want to speed runs on the main branch which prime the cache
-        # We allow large runners only in this case to prevent forks from abusing them (it's enforced via runner groups access rules)
-        # IF YOU WANT TO USE A LARGE RUNNER YOU NEED TO ADD THE WORKFLOW TO THE `CloudQuery releases` GROUP IN https://github.com/organizations/cloudquery/settings/actions/runner-groups
-        if: github.event_name == 'push'
-        run: |
-          echo "runner=cloudquery-release-runner" >> $GITHUB_OUTPUT
-      - name: Resolve runner
-        id: resolve
-        run: |
-          RUNNER=${{ steps.large-runner.outputs.runner }}
-          echo "runner=${RUNNER:-"ubuntu-latest"}" >> $GITHUB_OUTPUT
   plugins-destination-csv:
     timeout-minutes: 30
     name: "plugins/destination/csv"
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./plugins/destination/csv
@@ -64,8 +44,7 @@ jobs:
         run: make test
   validate-release:
     timeout-minutes: 30
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     env:
       CGO_ENABLED: 0
     steps:
 
@@ -13,30 +13,10 @@ on:
       - ".github/workflows/dest_postgresql.yml"
 
 jobs:
-  resolve-runner:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
-    outputs:
-      runner: ${{ steps.resolve.outputs.runner }}
-    steps:
-      - name: Check if should use large runner
-        id: large-runner
-        # We want to speed runs on the main branch which prime the cache
-        # We allow large runners only in this case to prevent forks from abusing them (it's enforced via runner groups access rules)
-        # IF YOU WANT TO USE A LARGE RUNNER YOU NEED TO ADD THE WORKFLOW TO THE `CloudQuery releases` GROUP IN https://github.com/organizations/cloudquery/settings/actions/runner-groups
-        if: github.event_name == 'push'
-        run: |
-          echo "runner=cloudquery-release-runner" >> $GITHUB_OUTPUT
-      - name: Resolve runner
-        id: resolve
-        run: |
-          RUNNER=${{ steps.large-runner.outputs.runner }}
-          echo "runner=${RUNNER:-"ubuntu-latest"}" >> $GITHUB_OUTPUT
   plugins-destination-postgresql:
     timeout-minutes: 30
     name: "plugins/destination/postgresql"
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./plugins/destination/postgresql
@@ -89,8 +69,7 @@ jobs:
         run: CQ_DEST_PG_TEST_CONN="postgresql://root@localhost:26257/postgres?sslmode=disable" make test
   validate-release:
     timeout-minutes: 30
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     env:
       CGO_ENABLED: 0
     steps:
 
@@ -13,30 +13,10 @@ on:
       - ".github/workflows/dest_sqlite.yml"
 
 jobs:
-  resolve-runner:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
-    outputs:
-      runner: ${{ steps.resolve.outputs.runner }}
-    steps:
-      - name: Check if should use large runner
-        id: large-runner
-        # We want to speed runs on the main branch which prime the cache
-        # We allow large runners only in this case to prevent forks from abusing them (it's enforced via runner groups access rules)
-        # IF YOU WANT TO USE A LARGE RUNNER YOU NEED TO ADD THE WORKFLOW TO THE `CloudQuery releases` GROUP IN https://github.com/organizations/cloudquery/settings/actions/runner-groups
-        if: github.event_name == 'push'
-        run: |
-          echo "runner=cloudquery-release-runner" >> $GITHUB_OUTPUT
-      - name: Resolve runner
-        id: resolve
-        run: |
-          RUNNER=${{ steps.large-runner.outputs.runner }}
-          echo "runner=${RUNNER:-"ubuntu-latest"}" >> $GITHUB_OUTPUT
   plugins-destination-sqlite:
     timeout-minutes: 30
     name: "plugins/destination/sqlite"
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./plugins/destination/sqlite
@@ -64,8 +44,7 @@ jobs:
         run: make test
   validate-release:
     timeout-minutes: 30
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     container:
       image: ghcr.io/cloudquery/golang-cross:v10.0.0
       env:
 
@@ -13,30 +13,10 @@ on:
       - ".github/workflows/dest_test.yml"
 
 jobs:
-  resolve-runner:
-    timeout-minutes: 5
-    runs-on: ubuntu-latest
-    outputs:
-      runner: ${{ steps.resolve.outputs.runner }}
-    steps:
-      - name: Check if should use large runner
-        id: large-runner
-        # We want to speed runs on the main branch which prime the cache
-        # We allow large runners only in this case to prevent forks from abusing them (it's enforced via runner groups access rules)
-        # IF YOU WANT TO USE A LARGE RUNNER YOU NEED TO ADD THE WORKFLOW TO THE `CloudQuery releases` GROUP IN https://github.com/organizations/cloudquery/settings/actions/runner-groups
-        if: github.event_name == 'push'
-        run: |
-          echo "runner=cloudquery-release-runner" >> $GITHUB_OUTPUT
-      - name: Resolve runner
-        id: resolve
-        run: |
-          RUNNER=${{ steps.large-runner.outputs.runner }}
-          echo "runner=${RUNNER:-"ubuntu-latest"}" >> $GITHUB_OUTPUT
   plugins-destination-test:
     timeout-minutes: 30
     name: "plugins/destination/test"
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./plugins/destination/test
@@ -64,8 +44,7 @@ jobs:
         run: go test ./...
   validate-release:
     timeout-minutes: 30
-    needs: [resolve-runner]
-    runs-on: ${{ needs.resolve-runner.outputs.runner }}
+    runs-on: ubuntu-latest
     env:
       CGO_ENABLED: 0
     steps:
 
@@ -0,0 +1,114 @@
+name: Summarize changes to source plugins docs
+
+on:
+  # Using pull_request_target works on forked PRs too. This is safe since we don't checkout the PR code (we only use the diff)
+  pull_request_target:
+    branches:
+      - main
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+jobs:
+  doc-changes:
+    defaults:
+      run:
+        working-directory: scripts/table_diff
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    outputs:
+      breaking: ${{ steps.breaking.outputs.status }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Get PR diff
+        run: |
+          curl -L ${{ github.event.pull_request.diff_url }} > pr.diff
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: scripts/table_diff/go.mod
+          cache: true
+          cache-dependency-path: scripts/table_diff/go.sum
+      - name: Generate docs changes file
+        run: |
+          go run main.go pr.diff changes.json
+      - uses: actions/github-script@v6
+        name: Get doc changes string
+        id: get-changes
+        with:
+          result-encoding: string
+          script: |
+            const { promises: fs } = require('fs')
+            const changes = JSON.parse(await fs.readFile('scripts/table_diff/changes.json', 'utf8'))
+            if (changes.length === 0) {
+              console.log('No changes to docs')
+              return ""
+            }
+            const changesList = changes.map(change => {
+              const { breaking, text } = change
+              if (breaking) {
+                return `- :warning: BREAKING CHANGE: ${text}`
+              }
+              return `- ${text}`
+            }).join('\n')
+            return changesList
+      - name: Find Comment
+        uses: peter-evans/find-comment@f4499a714d59013c74a08789b48abe4b704364a0
+        if: steps.get-changes.outputs.result != ''
+        id: find-comment
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '### This PR has the following changes to source plugin(s) tables:'
+      - name: Create or update comment
+        uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808
+        if: steps.get-changes.outputs.result != ''
+        with:
+          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            ### This PR has the following changes to source plugin(s) tables:
+
+            ${{steps.get-changes.outputs.result}}
+          edit-mode: replace
+      - name: Mark as breaking
+        id: breaking
+        if: contains(steps.get-changes.outputs.result, 'BREAKING CHANGE')
+        run: echo "status=true" >> $GITHUB_OUTPUT
+  ensure-breaking-changes-released-as-major-bump:
+    runs-on: ubuntu-latest
+    needs: [doc-changes]
+    steps:
+      - name: Should enforce check
+        id: enforce
+        # Only enforce this check for renovate PRs that update dependencies
+        if: needs.doc-changes.outputs.breaking == 'true' && github.event.pull_request.user.login == 'cq-bot' && startsWith(github.event.pull_request.title, 'fix(deps)') && startsWith(github.head_ref, 'renovate/')
+        run: echo "status=true" >> $GITHUB_OUTPUT
+      - name: Install commit message parser
+        if: steps.enforce.outputs.status == 'true'
+        run: npm install @conventional-commits/parser
+      - uses: actions/github-script@v6
+        if: steps.enforce.outputs.status == 'true'
+        with:
+          script: |
+            const {
+              parser,
+              toConventionalChangelogFormat,
+            } = require("@conventional-commits/parser");
+            const { title } = context.payload.pull_request
+            try {
+              const ast = parser(title);
+              const { notes } = toConventionalChangelogFormat(ast);
+              const isBreaking = notes.some(({ title }) =>
+                title.includes("BREAKING CHANGE")
+              );
+              if (!isBreaking) {
+                const titleParts = title.split(":");
+                const expectedTitle = `${titleParts[0]}!:${titleParts[1]}`;
+                throw new Error(`PR title does not contain a breaking change, please update the title to '${expectedTitle}'`);
+              }
+            } catch (e) {
+              throw new Error(`PR title does not follow conventional commits format. Error: ${e}`);
+            }
@@ -16,7 +16,7 @@ jobs:
       - name: Vale
         uses: errata-ai/vale-action@v2
         with:
-          vale_flags: "--glob=!{website/pages/blog/podcast-software-engineer-daily.md,*CHANGELOG.md,*/docs/tables/*,.github/styles/proselint/README.md,**/v1-migration.md,website/pages/docs/plugins/sources/*/tables.md}"
+          vale_flags: "--glob=!{website/pages/blog/podcast-software-engineer-daily.md,*CHANGELOG.md,*/docs/tables/*,.github/styles/proselint/README.md,**/v1-migration.md,website/pages/docs/plugins/sources/*/tables.md,website/pages/docs/plugins/sources/*/policies.md}"
           filter_mode: nofilter
           fail_on_error: true
         env:
 
@@ -78,7 +78,7 @@ jobs:
 
       - name: Update version file
         if: steps.semver_parser.outputs.prerelease == ''
-        run: 'echo "{ \"latest\": \"${{github.ref_name}}\" }" > ./websites/versions/cli.json'
+        run: 'echo "{ \"latest\": \"${{github.ref_name}}\" }" > ./website/versions/cli.json'
 
       - name: Create Pull Request
         if: steps.semver_parser.outputs.prerelease == ''
@@ -92,4 +92,4 @@ jobs:
           commit-message: "chore: Update CLI version to ${{steps.split.outputs.version}}"
           body: Updates the CLI latest version to ${{steps.split.outputs.version}}
           labels: automerge
-          author: cq-bot <cq-bot@users.noreply.github.com>
+          author: cq-bot <cq-bot@users.noreply.github.com>
@@ -36,6 +36,9 @@ jobs:
     timeout-minutes: 45
     name: "plugins/source/aws"
     needs: [resolve-runner]
+    permissions:
+      id-token: write
+      contents: read
     runs-on: ${{ needs.resolve-runner.outputs.runner }}
     defaults:
       run:
@@ -68,6 +71,21 @@ jobs:
       - name: Fail if generation updated files
         if: github.event_name == 'pull_request'
         run: test "$(git status -s | wc -l)" -eq 0
+      # Sanity integration test, only for release PRs
+      - name: Setup CloudQuery
+        if: startsWith(github.head_ref, 'release-please--branches--main--components')
+        uses: cloudquery/setup-cloudquery@v3
+        with:
+          version: 'v2.0.22'
+      - name: Configure AWS credentials
+        if: startsWith(github.head_ref, 'release-please--branches--main--components')
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::615713231484:role/cq-playground-aws-github-action
+          aws-region: us-east-1
+      - name: Run sync
+        if: startsWith(github.head_ref, 'release-please--branches--main--components')
+        run: cloudquery sync test/sanity.yml --log-console
   validate-release:
     timeout-minutes: 45
     needs: [resolve-runner]
@@ -148,4 +166,6 @@ jobs:
       - name: Run all policies
         run: cd policies && psql -h localhost -p 5432 -U postgres -d postgres -w -f ./policy.sql
         env:
-          PGPASSWORD: pass
+          PGPASSWORD: pass
+
+