Make it easier to pull in OPA in Github Actions #3014
Comments
I'm not familiar with implementing actions. Would this be another artifact we have to publish with each release or can it be decoupled from the OPA release cycle? Obviously it would be nice not to have to build and publish another artifact.
Here are the sources for the setup-go action: https://github.com/actions/setup-go/blob/main/src/installer.ts -- tl;dr: the version to be installed will be input to the script, there's no extra artifact to provide when releasing, as long as we keep the structures intact (
One thing -- I can imagine finding this useful, but having some actual feedback from the community would be great. Perhaps we can post this issue in Slack to gauge interest? 🤔
That OPA itself is useful as part of CI/CD pipelines is pretty much implied in this context, no? 😄 All this would do is to remove some of the current ceremony around that. IMO, we don't really need to look outside our own repositories to see how this is useful, but if we do I have at least 5-6 personal repos where this would be desirable too.
😄 You're quite right. Let's do this. 🚀
I've learnt recently that you don't need to use JS for actions; you can create "composite actions" that are basically shell script steps. This should make this a low-hanging fruit, shouldn't it? 🤔 Well, to support fancier "version matching", as outlined above, we might need more than just bash, though.
My understanding of composite actions is basically that they allow you to extract a common task, and reuse that across other tasks and files. I'm not sure whether they can be "exported" to the GitHub marketplace.
I could be wrong, but from the docs, https://docs.github.com/en/actions/creating-actions/publishing-actions-in-github-marketplace, it seems to be like "javascript actions" and "composite actions" were equals. That said, any more complicated feature will likely require JS (or TS) anyways.
Just add more info in case it helps design this one. 😃 For me, I am currently using like

```yaml
opa-test:
  name: OPA - Test
  runs-on: ubuntu-20.04
  steps:
    - name: Checkout
      uses: actions/checkout@v2
    - name: Download OPA Binary
      run: |
        curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64
        chmod 755 ./opa
    - name: Test
      run: |
        ./opa test policies/*.rego -v
```

There is a third-party GitHub Action using shell script without JavaScript, which is basically doing the same thing underneath: https://github.com/petroprotsakh/opa-test-action
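An added example, not code from this thread or from the OPA project: the download step from the comment above, changed so that the job refuses `latest`, takes a release tag and SHA-256 digest committed to the repository, and installs the binary only when the digest matches. The function names are hypothetical, and the versioned URL is assumed to follow the same layout as the `latest` URL quoted above.

```sh
#!/bin/sh
# Added example: pinned, checksum-verified OPA download for a CI `run:` step.
set -eu

# Print the lowercase hex SHA-256 of a file (sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE SHA256
# Returns 0 on match, 1 on mismatch, 2 on a malformed pin, 3 if FILE is missing.
verify_pinned() {
  vp_pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # An empty or truncated pin must never compare equal to anything.
  case "$vp_pin" in ''|*[!0-9a-f]*) return 2 ;; esac
  [ "${#vp_pin}" -eq 64 ] || return 2
  [ -f "$1" ] || return 3
  [ "$(sha256_of "$1")" = "$vp_pin" ]
}

# is_pinned_version TAG: accept only an exact release tag of the form vX.Y.Z,
# so a moving target such as "latest" is refused.
is_pinned_version() {
  case "$1" in *[!v0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# install_opa TAG SHA256 DEST (hypothetical helper; TAG and SHA256 are values
# committed to the repository, not fetched at run time).
install_opa() {
  is_pinned_version "$1" || { echo "refusing unpinned version: $1" >&2; return 2; }
  io_tmp=$(mktemp)
  # Assumed URL layout: the "latest" download URL quoted in the thread, with
  # the release tag in place of "latest".
  curl --fail --silent --show-error --location --proto '=https' \
    --proto-redir '=https' -o "$io_tmp" \
    "https://openpolicyagent.org/downloads/$1/opa_linux_amd64" \
    || { rm -f "$io_tmp"; return 1; }
  if verify_pinned "$io_tmp" "$2"; then
    chmod 755 "$io_tmp" && mv "$io_tmp" "$3"
  else
    rm -f "$io_tmp"; echo "checksum mismatch for OPA $1" >&2; return 1
  fi
}
```

In a workflow step the script would be sourced and called as `install_opa <release-tag> <sha256-of-that-release> ./opa`, with both values reviewed and updated together when the pinned version changes.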
For even greater brevity, you can use the

```yaml
opa:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - uses: docker://openpolicyagent/opa
      with:
        args: "test --ignore=*.yaml --ignore=*.json -v policies"
```
@tsandall I was writing an example on how to set up cost policies with opa and I needed the setup-opa action, so I wrote it: infracost/setup-opa. I’d be happy to transfer it to you if you want to keep it under the open-policy-agent org. Let me know either way, I don’t want to scoop you on the marketplace name if you already have something in the works.
@tim775 this looks great! I think it would be nice to host this under the OPA organization on GitHub so that people have an easier time finding it. If we transfer it to the OPA organization, would you be interested in continuing to maintain it? I'm guessing the support is quite minimal but things always come up from time to time.
Of course. According to the GitHub docs it looks like we transfer it directly to you, then you can transfer it into the org. @alikhajeh1 could you please transfer infracost/setup-opa to @tsandall?
I tried transferring infracost/setup-opa to @tsandall I added you as admin to https://github.com/infracost/setup-opa, can you please try the transfer to see if it works for you? (given your access to the open-policy-agent GH org)
🥳
Expected Behavior
In order to use OPA in a GitHub Actions workflow, I'd like to be able to do something like this:
with niceties like caching etc provided by the action.
("inspired" by the setup-go action)
Actual Behavior
Everyone having to manually download OPA, keep track of versions, handle caching, etc. themselves.