Skip to main content

Publish a static data-docs site

Goal

You'll publish a static HTML site listing your recent validation results to an S3 / GCS bucket or a local directory, so stakeholders without a PLACEHOLDER Cloud login can see whether yesterday's loads passed.

Prereqs

  • You're an owner of the organisation. The Data docs settings page is gated to the owner role.
  • A writable destination. One of:
    • An S3 bucket your worker process can write to (the worker uses ambient AWS credentials — an IAM instance profile, AWS_PROFILE, or AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the env).
    • A GCS bucket your worker can write to (the worker uses Application Default Credentials).
    • A local path that the worker process has write access to (typical for single-host deployments that front the directory with nginx).
  • For s3:// destinations: install the s3fs package on the worker host. For gs:// destinations: install gcsfs. These are optional ops dependencies — they're not in the base install because most self-hosters use file://.

Steps

  1. Navigate to Settings → Data docs.

  2. Enter a destination URI. Use one of:

    • s3://my-bucket/dq-docs — uploads to an S3 prefix.
    • gs://my-bucket/dq-docs — uploads to a GCS prefix.
    • file:///var/www/dq-docs — writes to a directory on the worker host. Make sure the path is absolute and writable by the worker user.
  3. Save. PLACEHOLDER Cloud validates the URI format and stores it on the organisation. Leave it blank to disable the export.

  4. Click "Rebuild now" to enqueue an immediate build. Otherwise the worker rebuilds every day at 04:00 UTC.

Verify

  • Open the destination and confirm index.html is present. It lists every checkpoint in your organisation.
  • Open checkpoints/<id>.html to see the last 10 runs for that checkpoint.
  • The Data docs settings page shows the timestamp of the last successful build under "Last built". A never here after a "Rebuild now" click means the worker hasn't run yet — check its logs for data_docs_build_failed events.

Notes

  • There is no built-in auth on the published site. PLACEHOLDER Cloud writes plain HTML; it doesn't try to be a web server. If the audience is internal-only, put CloudFront with an origin-access identity, Cloudflare Access, or a forward proxy with SSO in front of the bucket / directory.
  • The published site has no JavaScript and no external assets. It renders fine from an S3 website endpoint, a CDN, or python -m http.server for local inspection.
  • The destination URI is stored as plain text in public.organisations.data_docs_destination. It is not encrypted because it carries no bearer secret — credentials for the bucket come from the worker's ambient cloud credentials. Contrast with alert webhook URLs, which carry a bearer token and are encrypted.
  • See FEATURE-29 for the tracking ticket and out-of-scope items (per-asset pages, theming, per-workspace destinations).