{"id":50044293,"url":"https://github.com/landerox/cloud-landerox-data","last_synced_at":"2026-05-21T05:09:34.824Z","repository":{"id":331574811,"uuid":"1131322257","full_name":"landerox/cloud-landerox-data","owner":"landerox","description":"Reference architecture baseline for GCP data platforms (Apache Beam, BigQuery, Cloud Functions, Pub/Sub). Hybrid warehouse/lakehouse with batch + streaming, Medallion layering. Consumed by private runtime repos.","archived":false,"fork":false,"pushed_at":"2026-05-20T03:12:23.000Z","size":251,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-20T06:05:17.206Z","etag":null,"topics":["apache-beam","batch-processing","bigquery","cloud-functions","cloud-storage","data-engineering","data-platform","dataform","gcp","google-cloud-dataflow","iceberg","lakehouse","medallion-architecture","opentelemetry","pubsub","python","reference-architecture","slsa","streaming","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://landerox.com/projects/cloud-data","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/landerox.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-09T20:20:15.000Z","updated_at":"2026-05-20T03:12:27.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/landerox/cloud-landerox-data","commit_stats":null,"previous_names":["landerox/cloud-landerox-data"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/landerox/cloud-landerox-data","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/landerox%2Fcloud-landerox-data","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/landerox%2Fcloud-landerox-data/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/landerox%2Fcloud-landerox-data/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/landerox%2Fcloud-landerox-data/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/landerox","download_url":"https://codeload.github.com/landerox/cloud-landerox-data/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/landerox%2Fcloud-landerox-data/sbom","scorecard":{"id":1246580,"data":{"date":"2026-04-26T16:36:10Z","repo":{"name":"github.com/landerox/cloud-landerox-data","commit":"8f05527c71bda985db4b2614cd1834175186f1bd"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.8,"checks":[{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:23","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:26","Info:  34 out of  34 GitHub-owned GitHubAction dependencies pinned","Info:  14 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:55","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:56","Info: jobLevel 'contents' permission set to 'read': .github/workflows/lint.yml:56","Info: jobLevel 'contents' permission set to 'read': .github/workflows/lint.yml:97","Info: jobLevel 'contents' permission set to 'read': .github/workflows/lint.yml:126","Info: jobLevel 'contents' permission set to 'read': .github/workflows/lint.yml:171","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:90","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:39","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:60","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:45","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:46","Info: jobLevel 'contents' permission set to 'read': .github/workflows/semgrep.yml:57","Info: jobLevel 'contents' permission set to 'read': .github/workflows/trivy.yml:52","Info: jobLevel 'contents' permission set to 'read': .github/workflows/trivy.yml:83","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:43","Info: topLevel 'contents' permission set to 'read': .github/workflows/link-check.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:44","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:48","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:33","Info: topLevel permissions set to 'read-all': .github/workflows/semgrep.yml:45","Info: topLevel permissions set to 'read-all': .github/workflows/trivy.yml:40"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]},"last_synced_at":"2026-04-26T17:25:20.907Z","repository_id":331574811,"created_at":"2026-04-26T17:25:20.907Z","updated_at":"2026-04-26T17:25:20.907Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33289549,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T02:57:32.698Z","status":"ssl_error","status_checked_at":"2026-05-21T02:57:31.990Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache-beam","batch-processing","bigquery","cloud-functions","cloud-storage","data-engineering","data-platform","dataform","gcp","google-cloud-dataflow","iceberg","lakehouse","medallion-architecture","opentelemetry","pubsub","python","reference-architecture","slsa","streaming","supply-chain-security"],"created_at":"2026-05-21T05:09:29.832Z","updated_at":"2026-05-21T05:09:34.818Z","avatar_url":"https://github.com/landerox.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cloud-landerox-data\n\n[![CI](https://github.com/landerox/cloud-landerox-data/actions/workflows/lint.yml/badge.svg)](https://github.com/landerox/cloud-landerox-data/actions/workflows/lint.yml)\n[![CodeQL](https://github.com/landerox/cloud-landerox-data/actions/workflows/codeql.yml/badge.svg)](https://github.com/landerox/cloud-landerox-data/actions/workflows/codeql.yml)\n[![codecov](https://codecov.io/gh/landerox/cloud-landerox-data/branch/main/graph/badge.svg)](https://codecov.io/gh/landerox/cloud-landerox-data)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/landerox/cloud-landerox-data/badge)](https://scorecard.dev/viewer/?uri=github.com/landerox/cloud-landerox-data)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12905/badge)](https://www.bestpractices.dev/projects/12905)\n[![OpenSSF Baseline](https://www.bestpractices.dev/projects/12905/baseline)](https://www.bestpractices.dev/projects/12905)\n[![SLSA Level 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n[![Python 3.13](https://img.shields.io/badge/python-3.13-3776AB?logo=python\u0026logoColor=white)](https://www.python.org/downloads/release/python-3130/)\n[![Checked with pyright](https://img.shields.io/badge/pyright-checked-0E7FC0?logo=python\u0026logoColor=white)](https://github.com/microsoft/pyright)\n[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)\n[![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-FE5196?logo=conventionalcommits\u0026logoColor=white)](https://www.conventionalcommits.org)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![GCP](https://img.shields.io/badge/GCP-Ready-4285F4?logo=google-cloud\u0026logoColor=white)](https://cloud.google.com/)\n\n\u003e **Reference architecture baseline for GCP data platforms** — hybrid\n\u003e warehouse/lakehouse, batch + streaming, Medallion layering.\n\u003e Consumed by private runtime repos.\n\nWelcome to the `cloud-landerox-data` repository. This project serves as a comprehensive architecture baseline for Google Cloud Platform (GCP) data platforms. It provides structural guidance, engineering standards, and folder placeholders designed to be consumed by private runtime repositories.\n\nPlease note that this repository is **not** a production runtime environment, a Terraform infrastructure repository, or a Data Mesh framework. Instead, it is a pragmatic, hybrid baseline that intelligently selects patterns based on data source, Service Level Agreements (SLAs), and cost profiles. For a deep dive into our decision-making model, please review our [Architecture Stance](docs/architecture.md).\n\n## Status\n\nThe project is currently in a **pre-1.0** state with active quality and supply-chain gates on every PR and push: ruff, pyright (strict), pytest with coverage (≥90% on `shared/**`), `hypothesis` property tests, nightly `mutmut`; CodeQL, Semgrep, Trivy, pip-audit, license allowlist, gitleaks, zizmor, validate-pyproject, lychee link check, and DCO sign-off enforced locally and in CI. OpenSSF Scorecard runs weekly. Every release attaches a CycloneDX SBOM and a SLSA L3 build provenance attestation. Dependabot regular and security updates are both enabled. By design, no runtime code is deployed from this repository.\n\nTo see how this baseline is applied in practice, check out our minimal public runtime example at [landerox/cloud-landerox-runtime-example](https://github.com/landerox/cloud-landerox-runtime-example).\n\n## Getting started\n\n### Prerequisites\n\n- Python 3.13\n- [`mise`](https://mise.jdx.dev/getting-started.html) — manages `just`,\n  `lychee`, and other non-Python tools via `mise.toml`\n- [`uv`](https://docs.astral.sh/uv/)\n\n### Setup\n\n```bash\nmise install\njust sync\njust pre-commit-install\n```\n\n### Quality checks\n\n```bash\njust lint\njust type\njust test\n```\n\n## Learn more\n\n- [Documentation index](docs/README.md) — full catalogue of architecture, guides, diagrams, and blueprints\n- [Architecture stance](docs/architecture.md)\n- [Architecture decisions (ADRs)](docs/adr/README.md)\n- [CI/CD guide](docs/cicd.md)\n- [Governance](GOVERNANCE.md)\n- [Roadmap](ROADMAP.md)\n- [Contributing](.github/CONTRIBUTING.md)\n- [Security policy](.github/SECURITY.md)\n- [Changelog](CHANGELOG.md)\n\n## License\n\nThis project is licensed under the terms found in the [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanderox%2Fcloud-landerox-data","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flanderox%2Fcloud-landerox-data","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanderox%2Fcloud-landerox-data/lists"}