Merge pull request #235 from newscorp-ghfb/release

[AUTOMATED] Changes from Sandbox

.github/workflows/ci-main.yml

@@ -14,44 +14,43 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 jobs:
-  Lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v2
-        with:
-          python-version: 3.8
-      - name: Install Linter
-        run: |
-          python -m pip install --upgrade pip
-          pip install flake8 black
-      - name: Lint Check
-        run: |
-          make lint
-      - name: Format Check
-        run: |
-          black --check tools/c7n_left
-
-  Analyzer:
-    runs-on: ubuntu-latest
-    needs: Lint
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v1
-        with:
-          python-version: 3.9
-      - name: Run Bandit
-        run: |
-          python -m pip install bandit
-          make analyzer-bandit
-      - name: Run Semgrep
-        run: |
-          python -m pip install semgrep
-          make analyzer-semgrep
+  # Lint:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v2
+  #     - uses: actions/setup-python@v2
+  #       with:
+  #         python-version: 3.8
+  #     - name: Install Linter
+  #       run: |
+  #         python -m pip install --upgrade pip
+  #         pip install flake8 black
+  #     - name: Lint Check
+  #       run: |
+  #         make lint
+  #     - name: Format Check
+  #       run: |
+  #         black --check tools/c7n_left
+  # Analyzer:
+  #   runs-on: ubuntu-latest
+  #   needs: Lint
+  #   steps:
+  #     - uses: actions/checkout@v2
+  #     - uses: actions/setup-python@v1
+  #       with:
+  #         python-version: 3.9
+  #     - name: Run Bandit
+  #       run: |
+  #         python -m pip install bandit
+  #         make analyzer-bandit
+  #     - name: Run Semgrep
+  #       run: |
+  #         python -m pip install semgrep
+  #         make analyzer-semgrep
 
   Tests:
     runs-on: "${{ matrix.os }}"
-    needs: Lint
+    # needs: Lint
     strategy:
       matrix:
         # os: [ubuntu-latest, macos-latest, windows-latest]
@@ -159,4 +158,4 @@ jobs:
       - name: License Check
         if: contains(matrix.python-version, '3.9') && contains(matrix.os, 'ubuntu')
         run: |
-          poetry run python tools/dev/license-check.py
+          poetry run python tools/dev/license-check.py

.github/workflows/manual-sync-to-sandbox.yml

@@ -22,16 +22,11 @@ jobs:
       uses: morganschoen/temporary-branch-action@3f774b2579f6044ca852f6c3f64b5d3d6d8c455d
       with:
         base: master
-    - name: target specific customization
-      run: |
-        git switch ${{ steps.temp-branch.outputs.branch }}
-        sudo chown -R "${USER:-$(id -un)}" .
-      shell: bash
     - name: commit changes to temp branch
       uses: stefanzweifel/git-auto-commit-action@v4
       with:
         branch: ${{ steps.temp-branch.outputs.branch }}
-    - name: sync temp branch to target master branch
+    - name: sync temp branch to target release branch
       uses: wei/git-sync@v3
       with:
         source_repo: [email protected]:newscorp-ghfb/cloud-custodian.git
@@ -44,4 +39,4 @@ jobs:
       uses: dawidd6/action-delete-branch@v3
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
-        branches: ${{ steps.temp-branch.outputs.branch }}
+        branches: ${{ steps.temp-branch.outputs.branch }}

.github/workflows/nightly-sync-pr.yml

@@ -33,5 +33,5 @@ jobs:
       env:
         INCOMING_WEBHOOK_URL: ${{ secrets.NIGHTLY_SYNC_SLACK_WEBHOOK_URL }}
       with:
-        text: "${{github.event.repository.name}}: Nightly sync from sandbox\n:git-pull-request: New PR ready for review: \
+        text: "${{github.event.repository.name}}: Nightly cloud-custodian sync from sandbox\n:git-pull-request: New PR ready for review: \
           <${{steps.create-pr.outputs.pr_url}}|${{steps.create-pr.outputs.pr_number}}> <!here>"

.github/workflows/nightly-sync-to-prod.yml

@@ -48,9 +48,12 @@ jobs:
         jenkins-url: "https://jenkins.ncttools.io"
         jenkins-token: ${{ secrets.JENKINS_API_TOKEN }}
         jenkins-user: ${{ secrets.JENKINS_API_USERNAME }}
-        jenkins-job: ${{ github.event.repository.name }}
+        # jenkins-job: ${{ github.event.repository.name }}/release
+        jenkins-job: nct-cloud-custodian-sandbox/release
         jenkins-wait-job: "wait"
         jenkins-ssl-verify: "true"
+        jenkins-job-params: '{"anyParam": "anyValue"}'
+
     - name: notify slack on failure (plan)
       if: startsWith(steps.jenkins-job-apply.outputs.job_status, 'FAIL')
       uses: tokorom/action-slack-incoming-webhook@main
@@ -64,7 +67,7 @@ jobs:
               "color": "danger",
               "fields": [
                 {
-                  "title": "${{github.event.repository.name}}: Nightly Jeeves sandbox validation failed. ",
+                  "title": "${{github.event.repository.name}}: Nightly sandbox validation failed. ",
                   "value": "Skipping sync to prod release branch. Please review errors in build # <https://jenkins.ncttools.io/view/AWS%20Landing%20Zone%20Sandbox/job/${{github.event.repository.name}}/${{steps.jenkins-job-apply.outputs.job_build_number}}/console|${{steps.jenkins-job-apply.outputs.job_build_number}}>"
                 }
               ]
@@ -76,50 +79,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: checkout main
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         ref: master
-        fetch-depth: 0
-    - name: checkout target
-      uses: actions/checkout@v3
-      with:
-        repository: newscorp-ghfb/cloud-custodian
-        ssh-key: ${{ secrets.GIT_SYNC_DESTINATION_PRIVATE_KEY }}
-        path: nct-lz-aws-toolIAM
+        # fetch-depth: 0
     - name: create temp branch
       id: temp-branch
       uses: morganschoen/temporary-branch-action@main
       with:
         base: master
-    # - name: target specific customization
-    #   run: |
-    #     git switch ${{ steps.temp-branch.outputs.branch }}
-    #     sed -i "s/@Library('nct-jenkins-shared-library-sandbox')_/@Library('nct-jenkins-shared-library')_/g" Jenkinsfile
-    #     for dir in accounts/*; do
-    #       [[ "$dir" == *"bu_roles"* || "$dir" == *"tests"* ]] && continue
-    #       for dir2 in $dir/*; do
-    #         [[ "$dir2" = *"bu_roles"* || "$dir2" == *"tests"* ]] && continue
-    #         if [ -d $dir2 ]; then
-    #           echo "del $dir2"
-    #           rm -rf "$dir2"
-    #         fi
-    #       done
-    #     done
-    #     for dir in nct-lz-aws-toolIAM/accounts/*; do
-    #       [[ "$dir" == *"bu_roles"* || "$dir" == *"tests"* ]] && continue
-    #       for dir2 in $dir/*; do
-    #         [[ "$dir2" = *"bu_roles"* || "$dir2" == *"tests"* ]] && continue
-    #         if [ -d $dir2 ]; then
-    #           target_dir2=$(sed 's/nct-lz-aws-toolIAM\///' <<< $dir2)
-    #           target_dir=$(sed 's/nct-lz-aws-toolIAM\///' <<< $dir)
-    #           echo "copy $dir2 $target_dir2"
-    #           mkdir -p $target_dir && cp -r $dir2 $target_dir2
-    #         fi
-    #       done
-    #     done
-    #     rm -rf nct-lz-aws-toolIAM
-    #     sudo chown -R "${USER:-$(id -un)}" .
-    #   shell: bash
+    - name: Fetch branch in Sandbox
+      run: |
+        git fetch
+        git push --set-upstream origin ${{ steps.temp-branch.outputs.branch }}
     - name: commit changes to temp branch
       uses: stefanzweifel/git-auto-commit-action@v4
       with:
@@ -131,7 +103,7 @@ jobs:
         source_repo: [email protected]:newscorp-ghfb/cloud-custodian-sandbox.git
         source_branch: ${{ steps.temp-branch.outputs.branch }}
         source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_PRIVATE_KEY }}
-        destination_repo: [email protected]:newscorp-ghfb/nct-cloud-custodian.git
+        destination_repo: [email protected]:newscorp-ghfb/cloud-custodian.git
         destination_branch: release
         destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_PRIVATE_KEY }}
     - name: delete temp branch

c7n/resources/vpc.py

@@ -2886,6 +2886,7 @@ def process(self, resources, event=None):
 
         return results
 
+
 @Subnet.filter_registry.register('ip-allocation-threshold')
 class SubnetIpAllocationFilter(Filter):
     """Filters subnets based on ip allocation percentage
@@ -2899,6 +2900,7 @@ class SubnetIpAllocationFilter(Filter):
                     percentage: 80
                     op: gte
     """
+
     schema = type_schema(
         'ip-allocation-threshold',
         percentage={'type': 'number'},
@@ -2935,9 +2937,13 @@ def process(self, resources, event=None):
                 if percentage_used > threshold_percentage:
                     results.append(subnet)
             elif op == 'lte':
-                if (percentage_used < threshold_percentage) or (percentage_used == threshold_percentage):
+                if (percentage_used < threshold_percentage) or (
+                    percentage_used == threshold_percentage
+                ):
                     results.append(subnet)
             elif op == 'gte':
-                if (percentage_used > threshold_percentage) or (percentage_used == threshold_percentage):
+                if (percentage_used > threshold_percentage) or (
+                    percentage_used == threshold_percentage
+                ):
                     results.append(subnet)
-        return results
+        return results