Merge branch 'custom-opa' into go2rego-azure-2
nikpivkin committed Aug 21, 2024
2 parents 08f9eab + 8c786bd commit 644702f
Showing 5 changed files with 23 additions and 12 deletions.
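--- a/.github/actions/setup-opa/action.yaml
+++ b/.github/actions/setup-opa/action.yaml
@@ -6,8 +6,5 @@ runs:
 - name: Setup OPA
 shell: bash
 run: |
-curl --retry 3 -L -o opa_linux_amd64_static https://github.com/open-policy-agent/opa/releases/download/v0.65.0/opa_linux_amd64_static
-curl -L -o checksum https://github.com/open-policy-agent/opa/releases/download/v0.65.0/opa_linux_amd64_static.sha256
-sha256sum -c checksum
-chmod 755 ./opa_linux_amd64_static
-sudo mv ./opa_linux_amd64_static /usr/local/bin/opa
+make build-opa
+sudo mv ./opa /usr/local/bin/opa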
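Review bot: The `Setup OPA` step now calls `make build-opa`, so the action depends on a checkout of this repository and a Go toolchain already being present in the calling job, and nothing in the step states or checks that. I would put a comment above the step, `# Requires actions/checkout and actions/setup-go to have run first; builds ./cmd/opa from this checkout`, and make the first line of the script `command -v go >/dev/null || { echo "go not found: run actions/setup-go first" >&2; exit 1; }`. The guard only catches a missing toolchain; a runner image that ships its own Go would still build with that version, which is why the comment matters. With `sha256sum -c` gone, the integrity of the installed `opa` rests on Go's module verification during the build (assuming the repository commits `go.sum`), and that is worth one line in the same comment. The `runs:` block starts outside the hunk.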
10 changes: 10 additions & 0 deletions .github/workflows/outdated-api-update.yaml
Expand Up @@ -6,6 +6,9 @@ on:
permissions:
contents: write

env:
GO_VERSION: '1.22'

jobs:
outdated:
runs-on: ubuntu-latest
Expand All @@ -14,6 +17,11 @@ jobs:
uses: actions/checkout@v4
with:
token: ${{ secrets.AUTO_COMMIT_TOKEN }}

- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Fetch outdated API data from trivy-db-data repo
id: outdatedapi
uses: fjogeleit/http-request-action@v1
Expand All @@ -25,8 +33,10 @@ jobs:
OUTDATE_API_DATA: ${{ toJson(steps.outdatedapi.outputs.response) }}
run: |
make outdated-api-updated
- name: Setup OPA
uses: ./.github/actions/setup-opa

- name: OPA Format
run: |
opa fmt -w . | grep -v vendor || true
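Review bot: The added `actions/setup-go@v5` step leaves the action's module and build cache switched on (it is enabled by default in v5) in a job that checks out with `secrets.AUTO_COMMIT_TOKEN` and holds `contents: write`. A job that can push to the repository is better off not restoring a cache that less privileged workflow runs may have written, and a single `go build ./cmd/opa` hardly needs it; I would add `cache: false` under the step's `with:`. The workflow's triggers and its commit step are outside the visible hunks, so how exposed this is depends on what else can populate that cache. Separately, `GO_VERSION` is now declared in two workflows; `go-version-file: go.mod` would remove the duplicate, assuming `go.mod` carries the intended version.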
9 changes: 5 additions & 4 deletions .github/workflows/test-rego.yaml
Expand Up @@ -11,6 +11,7 @@ on:
- "**/*.md"
- "LICENSE"
merge_group:
workflow_dispatch:

env:
GO_VERSION: "1.22"
Expand All @@ -23,6 +24,10 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Setup OPA
uses: ./.github/actions/setup-opa

Expand All @@ -35,9 +40,5 @@ jobs:
exit 1
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Test Rego checks
run: make test-rego
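--- a/Makefile
+++ b/Makefile
@@ -47,3 +47,6 @@ verify-bundle:
 cp bundle.tar.gz scripts/bundle.tar.gz
 go run ./scripts/verify-bundle.go
 rm scripts/bundle.tar.gz
+
+build-opa:
+go build ./cmd/opa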
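Review bot: `go build ./cmd/opa` relies on Go's default output name, while the `setup-opa` action then moves the result by the exact path `./opa`. Naming the output explicitly, `go build -o opa ./cmd/opa`, keeps the two in step if the package directory is renamed or the target is run on a platform that appends a suffix. If the rest of the Makefile (outside the hunk) declares phony targets, `build-opa` should be added to `.PHONY` as well. The binary lands in the repository root, so `opa` belongs in `.gitignore` to keep a local build from being committed; in the `outdated-api-update` workflow, which commits automatically, the action moves it out of the tree first.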
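--- a/cmd/opa/main.go
+++ b/cmd/opa/main.go
@@ -4,10 +4,10 @@ import (
 "fmt"
 "os"
 
-// register Built-in Functions from defsec
-"github.com/aquasecurity/trivy-checks/pkg/rego"
-_ "github.com/aquasecurity/trivy/pkg/iac/rego"
 "github.com/open-policy-agent/opa/cmd"
+
+"github.com/aquasecurity/trivy-checks/pkg/rego"
+_ "github.com/aquasecurity/trivy/pkg/iac/rego" // register Built-in Functions from Trivy
 )
 
 func main() {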
