aws-cloudformation
diff --git a/‎.github/workflows/pr.yml‎
Lines changed: 33 additions & 17 deletions b/‎.github/workflows/pr.yml‎
Lines changed: 33 additions & 17 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 3 additions & 3 deletions b/‎Cargo.lock‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 48 additions & 4 deletions b/‎README.md‎
Lines changed: 48 additions & 4 deletions
@@ -2,9 +2,9 @@ name: Rust
 
 on:
   push:
-    branches: [ main, development, rogue_one ]
+    branches: [main, development, rogue_one]
   pull_request:
-    branches: [ main, development, rogue_one ]
+    branches: [main, development, rogue_one]
 
 env:
   CARGO_TERM_COLOR: always
@@ -14,19 +14,19 @@ jobs:
     name: Build all crates & run unit tests
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Build all crates
-      run: cargo build --release --verbose
-    - name: Run unit tests
-      run: cargo test --verbose
+      - uses: actions/checkout@v2
+      - name: Build all crates
+        run: cargo build --release --verbose
+      - name: Run unit tests
+        run: cargo test --verbose
 
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Shellcheck
-      run: shellcheck install-guard.sh
+      - uses: actions/checkout@v2
+      - name: Shellcheck
+        run: shellcheck install-guard.sh
 
   formatting:
     name: Formatting check (cargo fmt)
@@ -39,10 +39,26 @@ jobs:
       - name: Rustfmt Check
         uses: actions-rust-lang/rustfmt@v1
 
+  linting:
+    name: Linting check (clippy)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+          components: clippy
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+          args: -- -D warnings
+
   aws-guard-rules-registry-integration-tests-linux:
     strategy:
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     name: Integration tests against aws-guard-rules-registry
     steps:
@@ -141,10 +157,10 @@ jobs:
       - name: Run integration tests using parse-tree command
         run: |
           cd aws-guard-rules-registry/rules
-          
+
           $FAILED_RULES = @()
           $SKIPPED_RULES = @()
-          
+
           $rules  = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File)
 
           Foreach ($rule in $rules) {
@@ -158,19 +174,19 @@ jobs:
               $FAILED_RULES += "$rule"
             }
           }
-          
+
           $SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length
           if ($SKIPPED_RULE_COUNT -gt 0) {
               echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:"
               echo $SKIPPED_RULES
           }
-          
+
           $FAILED_RULE_COUNT = $FAILED_RULES.Length
-  
+
           if ($FAILED_RULE_COUNT -gt 0) {
               echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
               echo $FAILED_RULES
               exit 1
           } else {
               echo "All the rules have succeeded the parse-tree integration tests."
-          }
+          }
@@ -35,6 +35,10 @@ Guard can be used for the following domains:
 * [Guard CLI](#guard-cli)
   * [Installation](#installation)
   * [How does Guard CLI work?](#how-does-guard-cli-work?)
+* [Rule authoring references](#references)
+* [Built-in functions & stateful rules](#functions)
+* [AWS Rule Registry](#registry)
+* [Use Guard as a Docker Image](#docker)
 * [License](#license)
 
 ## FAQs
@@ -222,7 +226,7 @@ Check `help` to see if it is working.
 
 ```bash
 $ cfn-guard help
-cfn-guard 3.0.0-beta
+cfn-guard 3.0.0
 
   Guard is a general-purpose tool that provides a simple declarative syntax to define
   policy-as-code as rules to validate against any structured hierarchical data (like JSON/YAML).
@@ -489,7 +493,7 @@ cfn-guard test -r api_gateway_private_access.guard -t api_gateway_private_access
 
 Read [Guard: Unit Testing](docs/UNIT_TESTING.md) for more information on unit testing. To know about other commands read the [Readme in the guard directory](guard/README.md).
 
-## Rule authoring references
+## <a name="references"></a> Rule authoring references
 
 As a starting point for writing Guard rules for yourself or your organisation we recommend following [this official guide](https://docs.aws.amazon.com/cfn-guard/latest/ug/writing-rules.html)
 
@@ -507,15 +511,54 @@ As a starting point for writing Guard rules for yourself or your organisation we
 9. [Composing named-rule blocks in AWS CloudFormation Guard](https://docs.aws.amazon.com/cfn-guard/latest/ug/named-rule-block-composition.html)
 10. [Writing clauses to perform context-aware evaluations](https://docs.aws.amazon.com/cfn-guard/latest/ug/context-aware-evaluations.html)
 
+## <a name="functions"></a> Built-in functions & stateful rules
 
-## AWS Rule Registry
+Guard 3.0 introduces support for functions, allowing for stateful rules that can run on a value that's evaluated based 
+on some properties extracted out of a data template.
+
+### Sample template
+
+Imagine we have a property in our template which consists of a list called as `Collection` and we need to ensure
+it has at least 3 items in it.
+
+```yaml
+Resources:
+  newServer:
+    Type: AWS::New::Service
+    Collection:
+      - a
+      - b
+```
+### Sample rule
+
+We can write a rule to check this condition as follows:
+
+```
+let server = Resources.*[ Type == 'AWS::New::Service' ]
+rule COUNT_CHECK when %server !empty {
+    let collection = %server.Collection.*
+    let count_of_items = count(%collection)
+    %count_of_items >= 3
+    <<
+      Violation: Collection should contain at least 3 items
+    >>
+}
+```
+
+Expected outcome is that rule fails showing us the violation message since our template is non-compliant.
+
+For detailed documentation regarding all supported functions, please [follow this link](./docs/FUNCTIONS.md). For limitations of functions usage, please read [this note](./docs/KNOWN_ISSUES.md#function-limitation).
+
+## <a name="registry"></a> AWS Rule Registry
 
 As a reference for Guard rules and rule-sets that contain (on a best-effort basis) the compliance policies that adhere
 to the industry best practices around usages across AWS resources, we have recently launched
 [AWS Guard Rules Registry](https://github.com/aws-cloudformation/aws-guard-rules-registry).
 
 
-## Guard Docker Image launched on [ECR public gallery](https://gallery.ecr.aws/aws-cloudformation/cloudformation-guard)
+## <a name="docker"></a> Use Guard as a Docker Image  
+
+Guard is also published as an ECR image in [ECR public gallery](https://gallery.ecr.aws/aws-cloudformation/cloudformation-guard) and can be used as an image in a docker container.
 
 ### Prerequisites
 
@@ -541,6 +584,7 @@ We should see the evaluation result emitted out on the console.
 
 * We use the tag `latest` for the most recent docker image that gets published in sync with `main` branch of the `cloudformation-guard` GitHub repository.
 * We use the convention `<branch_name>.<github_shorthand_commit_hash>` for tags of historical docker images
+
 ## License
 
 This project is licensed under the Apache-2.0 License.