Skip to content

CI Integration

Status: Available in ETLantic 0.14.0.

Validate without executing transformation code and publish SARIF diagnostics.

Development / local CI

etlantic validate package.pipeline:CustomerPipeline \
  --profile development --format sarif > etlantic.sarif
etlantic plan package.pipeline:CustomerPipeline \
  --profile development --format json > pipeline-plan.json

Production profile (explicit allowlist)

The built-in --profile production template is intentionally empty and fail-closed: it requires a non-empty plugin_allowlist and resolved bindings. Do not use the bare name for CI until you supply a real profile.

Write a JSON profile (secret-free) and pass its path:

from etlantic import Profile, write_profile

write_profile(
    Profile(
        name="ci-production",
        dataframe_engine="local",
        security_domain="production",
        validation_policy="strict",
        plugin_allowlist={
            "local": None,
            # "polars": "==0.14.0",
        },
        bindings={
            # Logical binding name → provider key or descriptor name
            # "customer_source": "json",
        },
    ),
    "profiles/ci-production.json",
)
etlantic validate package.pipeline:CustomerPipeline \
  --profile profiles/ci-production.json --format sarif > etlantic.sarif
etlantic plan package.pipeline:CustomerPipeline \
  --profile profiles/ci-production.json --format json > pipeline-plan.json

--profile accepts a built-in name or a path to a .json profile file loaded via load_profile.

Treat the plan as build metadata: it is secret-free, but may reveal pipeline structure and resource names.

Recommended gates:

  1. Pin ETLantic and official plugins to one tested release (==0.14.0).
  2. Validate every changed pipeline with an explicit allowlisted profile.
  3. Generate contracts and fail on unexpected diffs.
  4. Upload SARIF through the CI platform's supported integration.
  5. Compile orchestrator artifacts only from a valid plan.
  6. Never resolve runtime secrets during validation or planning.

See diagnostics, security, runtime configuration, and production profiles.