Publish a static data-docs site
Goal
You'll publish a static HTML site listing your recent validation results to an S3 / GCS bucket or a local directory, so stakeholders without a PLACEHOLDER Cloud login can see whether yesterday's loads passed.
Prereqs
- You're an owner of the organisation. The Data docs settings page is gated to the owner role.
- A writable destination. One of:
- An S3 bucket your worker process can write to (the worker uses ambient AWS credentials — an IAM instance profile,
AWS_PROFILE, orAWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEYin the env). - A GCS bucket your worker can write to (the worker uses Application Default Credentials).
- A local path that the worker process has write access to (typical for single-host deployments that front the directory with nginx).
- An S3 bucket your worker process can write to (the worker uses ambient AWS credentials — an IAM instance profile,
- For
s3://destinations: install thes3fspackage on the worker host. Forgs://destinations: installgcsfs. These are optional ops dependencies — they're not in the base install because most self-hosters usefile://.
Steps
-
Navigate to Settings → Data docs.
-
Enter a destination URI. Use one of:
s3://my-bucket/dq-docs— uploads to an S3 prefix.gs://my-bucket/dq-docs— uploads to a GCS prefix.file:///var/www/dq-docs— writes to a directory on the worker host. Make sure the path is absolute and writable by the worker user.
-
Save. PLACEHOLDER Cloud validates the URI format and stores it on the organisation. Leave it blank to disable the export.
-
Click "Rebuild now" to enqueue an immediate build. Otherwise the worker rebuilds every day at 04:00 UTC.
Verify
- Open the destination and confirm
index.htmlis present. It lists every checkpoint in your organisation. - Open
checkpoints/<id>.htmlto see the last 10 runs for that checkpoint. - The Data docs settings page shows the timestamp of the last successful build under "Last built". A
neverhere after a "Rebuild now" click means the worker hasn't run yet — check its logs fordata_docs_build_failedevents.
Notes
- There is no built-in auth on the published site. PLACEHOLDER Cloud writes plain HTML; it doesn't try to be a web server. If the audience is internal-only, put CloudFront with an origin-access identity, Cloudflare Access, or a forward proxy with SSO in front of the bucket / directory.
- The published site has no JavaScript and no external assets. It renders fine from an S3 website endpoint, a CDN, or
python -m http.serverfor local inspection. - The destination URI is stored as plain text in
public.organisations.data_docs_destination. It is not encrypted because it carries no bearer secret — credentials for the bucket come from the worker's ambient cloud credentials. Contrast with alert webhook URLs, which carry a bearer token and are encrypted. - See FEATURE-29 for the tracking ticket and out-of-scope items (per-asset pages, theming, per-workspace destinations).